10341000x800000000000000059058047Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:37.817{B81B27B7-7A15-619D-DA36-01000000CC01}8363852C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058046Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:37.660{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7A15-619D-DA36-01000000CC01}836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058045Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:37.660{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058044Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:37.660{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058043Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:37.660{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058042Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:37.660{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058041Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:37.660{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058040Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:37.660{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058039Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:37.660{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058038Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:37.660{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058037Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:37.660{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058036Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:37.660{B81B27B7-28B0-6193-0500-00000000CC01}408384C:\Windows\system32\csrss.exe{B81B27B7-7A15-619D-DA36-01000000CC01}836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058035Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:37.660{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7A15-619D-DA36-01000000CC01}836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058034Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:37.646{B81B27B7-7A15-619D-DA36-01000000CC01}836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058033Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:37.629{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A76CBD1A70ABBF66F8575558FC9C78C4,SHA256=1E1A529E885DF4E9D0BC167D3857106B19A1AE6636EF75421DF4DE8C7E12479C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115872555Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:01.697{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61807-false10.0.1.12-8000- 23542300x8000000000000000115872554Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:37.105{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=59DF62928967ED8BBB33D080696CADDA,SHA256=CA122FBF56557B892037454DC38D68EE2DD0C1DE7E358384616E6B35B0C3B3AC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872553Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:37.105{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=543D15A47A366B6FBF209321CF79F81C,SHA256=7BD86C2C217712E0D2149CA083E01703BFB3C9B28E86A27DBD60146B2E7BD78A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058065Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:38.770{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B375A9DF65B8DFAA94E4BD9F1DA0C6D9,SHA256=42D21A28946EDD41E6F4E22C7F8B3CEC7D52CEB98729BFF76E1066087C92A75C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058064Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:38.645{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=556B39DFEAF093AA4A798B387EF43AB7,SHA256=9F08480516C9455034EECCF70F1CD32432B4F3FCC293B24F09F96A0719EBF6CE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058063Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:38.645{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F348D9460C16B08C898B6D4E5DA071B3,SHA256=E3952F4A5F059C4E0B24780E409B4B3D3A411053DB82B35A86AA0CFCE9D69C1C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115872558Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:02.066{3BF36828-9797-6185-0B00-00000000CC01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local61808-true0:0:0:0:0:0:0:1win-dc-128.attackrange.local389ldap 354300x8000000000000000115872557Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:02.066{3BF36828-97A9-6185-2800-00000000CC01}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local61808-true0:0:0:0:0:0:0:1win-dc-128.attackrange.local389ldap 23542300x8000000000000000115872556Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:38.136{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=709E060C763391F4AF5CBEBBD6752441,SHA256=E98840C43A979ED8337BE70C12E0C3DE648B550A3FD256A85C6A1A1E63950CE5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058062Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:38.520{B81B27B7-7A16-619D-DB36-01000000CC01}34725728C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000059058061Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:24.845{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58075-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 10341000x800000000000000059058060Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:38.348{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7A16-619D-DB36-01000000CC01}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058059Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:38.348{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058058Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:38.348{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058057Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:38.348{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058056Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:38.348{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058055Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:38.348{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058054Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:38.348{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058053Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:38.348{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058052Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:38.348{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058051Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:38.348{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058050Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:38.348{B81B27B7-28B0-6193-0500-00000000CC01}408424C:\Windows\system32\csrss.exe{B81B27B7-7A16-619D-DB36-01000000CC01}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058049Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:38.332{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7A16-619D-DB36-01000000CC01}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058048Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:38.333{B81B27B7-7A16-619D-DB36-01000000CC01}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058093Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.911{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3EE0112749629CE52F87312EDEEC7C92,SHA256=561433339C1A7A576E2DD02AFE48BC7429CFF4B221AB9F09682D5150F87F1EAE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872559Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:39.167{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=99E1F6680854A7BD73BEF5517CF1AEBF,SHA256=E5CF52AE60254C89AFC77E349C4B3EC1B74E0A63B0CC496577D92128DEB615F8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058092Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.567{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7A17-619D-DD36-01000000CC01}1272C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058091Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.567{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058090Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.567{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058089Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.567{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058088Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.567{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058087Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.567{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058086Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.567{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058085Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.567{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058084Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.567{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058083Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.567{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058082Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.567{B81B27B7-28B0-6193-0500-00000000CC01}408528C:\Windows\system32\csrss.exe{B81B27B7-7A17-619D-DD36-01000000CC01}1272C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058081Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.567{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7A17-619D-DD36-01000000CC01}1272C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058080Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.552{B81B27B7-7A17-619D-DD36-01000000CC01}1272C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000059058079Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.176{B81B27B7-7A17-619D-DC36-01000000CC01}56481896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058078Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.035{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7A17-619D-DC36-01000000CC01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058077Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.035{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058076Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.035{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058075Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.035{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058074Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.035{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058073Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.035{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058072Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.035{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058071Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.035{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058070Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.035{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058069Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.035{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058068Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.035{B81B27B7-28B0-6193-0500-00000000CC01}408384C:\Windows\system32\csrss.exe{B81B27B7-7A17-619D-DC36-01000000CC01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058067Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.020{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7A17-619D-DC36-01000000CC01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058066Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:39.021{B81B27B7-7A17-619D-DC36-01000000CC01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058095Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:40.926{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18C14626287BD1AB7F524DD18D68893E,SHA256=4294331AEC380CBA27CF7C721B02C840AEB2E32A6A538B645A31E9BA071A5ED1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872560Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:40.184{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53E5DD7BD5F18C5A561F01A558B8AE4D,SHA256=A6361E7E2CFD02DF0C8D80F87A6550E3193A1EA05E3AABDD1C2BB1FCF932A198,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058094Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:40.052{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=556B39DFEAF093AA4A798B387EF43AB7,SHA256=9F08480516C9455034EECCF70F1CD32432B4F3FCC293B24F09F96A0719EBF6CE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872561Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:41.202{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=270B770B4887620EAFCBAB968F21BDD6,SHA256=74A5211262217DA0A9351D726D438BC12BBDF2500909435F2A9A6E612088E999,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058096Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:42.160{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE63DFD0CD34D5A2DA0AAB4402E3FAEA,SHA256=BEE9A743648E13EF5AB00829327B6BFD212E2A49A5B4D42B7D5694D47E72084C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872564Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:42.232{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A4D669E7CEE6C96A4F4129CBEED37743,SHA256=048FF861ABDE34E4524CD9CE5E5FA9620AB8CEAE3CFF7A473A34828EC9F2FCB4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872563Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:42.117{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=92904EFB484E8E17CC6EC1A970D346A3,SHA256=306C0F61DCD827FEB07A29A0FDC3ACF984D2822F0961097528ADA1A3BB883207,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872562Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:42.117{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=493729542CD58D0C79C778102F9FD94C,SHA256=D77C57266695FA9FB70782934A170EB40A780B6BD2B9805F9941B0D031CD62E6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058097Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:43.223{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA1F1DAAD7D0450E10D515E24956F0CD,SHA256=53835487AE4651D9C7EB421B510CCCA6BCA79EE116F8B89ED66157C7693D6510,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872567Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:43.567{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=92904EFB484E8E17CC6EC1A970D346A3,SHA256=306C0F61DCD827FEB07A29A0FDC3ACF984D2822F0961097528ADA1A3BB883207,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115872566Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:06.755{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61809-false10.0.1.12-8000- 23542300x8000000000000000115872565Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:43.236{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=718FE5AA179B14D04326EA70B046EAFF,SHA256=FF8F4EF21F6485652A2BCE52653A8B7F2F6E217FA2EFCD464CA8F6AEB3BFE1EA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872568Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:44.266{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1C438F7379484927FE94F3CAB81347A,SHA256=C19C5D825A91ABE315148EF0273A82B00D50FDABC6AF927DBDFE3BFCCFA2D262,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058099Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:30.751{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58076-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058098Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:44.254{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=769F4EA305BD3322A484D0F9869C8C31,SHA256=2FBD8BB2D4BFF0923E4AF21E111011F2D348830F7BE10E5C86BD8F0D6180A40C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872569Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:45.267{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A7E1EDC80A2E1C48F7EF4262E97EFDA,SHA256=513C89F473F3675918C87B9D6778C3D4ED0628A5ED26D5CE6EED203E93B6030E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058100Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:45.270{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A8A37833AAA89D8D838EBEEA1B46D96,SHA256=EA7662C55D6FEB888F00BCCCD9BE96A1B1FD0EECC97304FFA166D78D530BF66B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872570Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:46.284{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82C21F6F44EB0884847B922C783F0BD6,SHA256=0B894B50E48293A053D7D96136AD2C533575D96E6004F498A1299E75B13E14C3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058101Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:46.285{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41A7FB55AD9DD74D50F544E4CE214D69,SHA256=CC9B8FEC4B506B6AC46D5F3D1E6EF2255B6355D642DC3D0C7E951ACF6D404D93,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872572Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:47.319{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A89DA0409713DC5670AEA45E183909A0,SHA256=9F52036C88472433AA733410C7B868615AA4C5D4A084A0DBC856B0E04A68375C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058102Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:47.332{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8DCA7EE02A765E9F84DAB0B06637CDBA,SHA256=BA8675597A24E87ED763CF44F9D818F30A14E7EA18146ACAD067C59FF8B64915,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872571Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:47.150{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BA71517D06754903344D7D8EE3785BA6,SHA256=5D7ED70CA9F318EFB51ECF7943864A5079F30509A5E451C63B0FA3BA370EED9A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115872575Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:11.787{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61810-false10.0.1.12-8000- 23542300x8000000000000000115872574Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:48.548{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3A620C30CFD6CF58514388A66D7693FC,SHA256=EED7C6E1B3A157C0417B4D41F9999A6626EE501EBD05D778C391DCB05925E29B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872573Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:48.349{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=016D60014F471DF241C7C36A15E562F9,SHA256=964D11C94E2104593EDF9494C2C024F0C1DD4C7457B5EE046AD9509164215C44,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058103Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:48.340{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3CEF4A43EBC7A3A89C7306FEB22F8A1E,SHA256=CE10A3453847F0B3FDBE9681FE04A1A8C2B467EAA38F1DCB6DD1F56E7AD05556,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872576Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:49.381{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6DAD1375ECB7B0B5A2C5AB8A9329A084,SHA256=2B463A817EF5537E2461B47D095DBAC36911767FA2656752E4107385C4D30E99,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058105Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:35.791{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58077-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058104Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:49.372{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B59861FFE72D15694003C28DB0E2292B,SHA256=4617E309B561175995734657CC76FB2253C1C2AE5DDCB30774E86FF38D08A906,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872577Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:50.399{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF38C59935BDB65EBDC9E0637D6181A0,SHA256=9CD2075652A3C8040F645409F3959ADC3FE64D4773F9B067C0A1170323FA38CE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058106Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:50.372{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18C40150FCB09020134C2C6B5174513C,SHA256=F813A8115AC438AA7BBB518181C4FC790306501191C5A8AAA7D0C25DFB860970,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058107Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:51.387{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5AADB8D2C72753DAE7ECF45164D10563,SHA256=29818D1B38A2B6FD046C888B48944D0779B32DD8E1B36C04A236928F9E421AF0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872578Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:51.414{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A049A255AF8F40760C7D3068CD72430C,SHA256=507904C855F03ABA9DB26B4418D3300963826B29CAA78789C1E4CC051FD37E9B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058108Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:52.403{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A0FFB0A39306CAF3F0A57F60784783C0,SHA256=5D5B1854A91C202B93D8A2B3964B5365F2105377785622744C1B7F5EB65009B0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115872581Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:16.883{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61811-false10.0.1.12-8000- 23542300x8000000000000000115872580Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:52.429{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DCC5DF811134883945100AFB00E60181,SHA256=361019E6C19670AE460C57DBE902F2B4F7E68D4D18A580E8D758245C377FDE52,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872579Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:52.244{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5BE10FF99974677BC5CECE47754F0176,SHA256=1BA5AB55348A579CC3B7D496B80ED914C7BE83096B501FD152B294116EBAD713,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058109Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:53.434{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C914FF9156B8E6B916891048FCE5F4FB,SHA256=1C90151447E2D192D6C407CF7DECC32B5DEEFB534AA0236372314BECB18FE950,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872582Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:53.478{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=675FFD15688BD3BE53809F9469AFC50E,SHA256=BC4643FD8FA0E79D70A392544CB3430E34284D65D97480742B92E60702E5BA72,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058111Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:40.822{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58078-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058110Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:54.669{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=648184FC74B23FC3126E41AC386BB160,SHA256=752FB0D662CEA4D9CF6C360A5E61AA34B160A775B0A3151B8F78457695B6442D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872583Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:54.512{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=087A2269096C7D75C0017C1509538556,SHA256=556386CB10DF5205B39912E65BAB8429CCA2F7F28C446F9FCC366644658F55F0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058112Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:55.825{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=895F2FD0735D895E95D694DDE9041622,SHA256=4EA027A4E9D74861F4C3CB05A379F1E829432811AD3BC9E7EEAEC877A2128B1E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872584Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:55.526{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E86E2B7B47526FD0A76362816530944,SHA256=44E1FFCFC7AB8D49AA7E1926E6ED707D06405C7CB59DEBE0600C5AB2AA878795,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058113Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:56.840{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1588758265D0B67C814D72DE4C57757B,SHA256=C022F59ADCC40B8FBDD9EED39A7EF66726E013A336142350B08BD8186378FECF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872585Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:56.542{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7CA806CD6490012F9923CA56D44118E,SHA256=CA4389240DD848C603ACA47A34DF93F23EF2EB9C48103A918F415ED3F94DD667,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058114Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:57.842{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4230D9A4F86DCD74CB93AB06BCCA5A95,SHA256=DE68A6D094261BA6201999DDE02B610BD8DDCDA9FDEF5DB4C5D1DABAE3EE5528,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115872589Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:21.910{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61812-false10.0.1.12-8000- 23542300x8000000000000000115872588Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:57.557{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=31764AEC1A1622A3CC24CD995E1FD0B6,SHA256=AB75E7443F20E0A040BEC3F34D28FC7A2B8BCB640A8243CBE7EACFB48CF0152B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872587Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:57.276{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0811575AC0AFF637ECAD1A3DFBCC7C48,SHA256=DEB197FCBA5E14A4054ACAEAD07665557F624B3A3D86787AA35E0E4FE09EBF84,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872586Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:57.275{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=21A4FD6CD8D386323CA31D08D9CF755E,SHA256=8E73A3AE8D40EE6C0D6C9C26D25627C1CFAEA54343E1676B7756E2C8DBD84382,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058115Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:58.842{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F44B2A5C35EF6CA9AFA5646DABE9D64,SHA256=F256CD0F907FBD0823948054C6CD20675F3E61F253F9E3A38BA5AA9C4BB0C72A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872590Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:58.574{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2019B6416B23C5A50DA062B77DF2FDEB,SHA256=9BD7DD489D90A2252B575DBDD13A359654B17B7A6938DFD335F3FF845497C4BB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058117Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:45.886{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58079-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058116Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:59.857{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=920C5B801006553EB9F2A665A23ACF83,SHA256=9E0659B573EC1833FC504027A12501A8691A9C983C771E1F2F42B53D6A3C478B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872591Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:32:59.593{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC0C219A496D40F15F33803F275906F4,SHA256=CAB5A9E29EC803BDBBB955FE8F945DE15FE1E75C826CE170E1EF0B9E22EA3836,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872592Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:00.608{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D8B3B6CA5AC6070A7BFC9BDD319CADD,SHA256=7D62D32866B1654B64138805CEBAC84779DE34C5F94240585946F390ECFB2DAE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058118Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:00.873{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7AC0F133D8272BB38615BAC9425EAFED,SHA256=F3F8533F62A4E5BA73F334E42C15212B354B98809C82E1F64557AAA71B14E0C8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058119Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:01.889{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE5720884184D88DCAF9A1E2BE91EEB4,SHA256=B1A0E427AE579215FCB0857CCB991B4985EE906CE9D2A8597CCC1186263B8ED9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872593Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:01.639{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD15C6836627E672D30DA3C607E029BD,SHA256=7EBC4F59909A868F7CD4201AEB2504CE892B34A149043B6F007C1D49A46F1E8F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058120Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:02.905{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C79632A61BCE5BB750D3DD2BBA0441E4,SHA256=4A6A7586A2988E1AA311C3F56FF181FB76AE9A6A91C5892FE8C647EC74A125DF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872594Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:02.653{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9091B61962EC0B8ECD523E130A072C2,SHA256=4B825A6AB879844395F2C9E1A1FA19D3D33E651F27E8132CF7525E83697C6789,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058121Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:03.920{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B4D2337D7E18AE48E58C64784B7D557,SHA256=891742F782064668F267D4755CDBB4C5B47CE841F36350EFB24907D65A3F0EE8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872597Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:03.705{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3145B9E7D2BE5600A344C5E0EC36D64D,SHA256=2F0D80132946389CF8B0DAA40C6C9F71978017DE004ED98B12DF69C199AAAFF9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872596Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:03.172{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FBC57BC63AED01F548748DF5A73087AA,SHA256=12737639AA80C0532A4F006CCEECA766F3C2EC3B8FEAD19D5613526292151423,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872595Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:03.171{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0811575AC0AFF637ECAD1A3DFBCC7C48,SHA256=DEB197FCBA5E14A4054ACAEAD07665557F624B3A3D86787AA35E0E4FE09EBF84,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058123Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:04.935{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D5C42AE74F49079A4193E35ECA5DB68F,SHA256=C319593CECCB8A8299499622BC93849210325BE48A39FD6DA72D4027240AAECC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872599Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:04.736{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8CAD0C79A28CD3A4B63591F28D09DC6,SHA256=3C74BB16E2397777E7F5117DFC73D2F25784A070F52A1A668D1FF59CDDFB9FF1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058122Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:04.248{B81B27B7-28B3-6193-2C00-00000000CC01}2332NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9D45E1BDB6F237A6CF51FFC6A12E6130,SHA256=87EEE278CDF62B2B86AF9CB87BDB04BAFB10272CEA175D83979B0C43158C5AB9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115872598Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:27.807{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61813-false10.0.1.12-8000- 23542300x800000000000000059058124Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:05.951{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B9CB09C3925E1D6430F9DBC582A3B8BE,SHA256=75D0353A7527F1D86EC105746EC4A1AA67C97354C5B60B9FAAF3BF210688545B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872600Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:05.751{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D25F7CD579A053CCC9FABF65977BC714,SHA256=7A5E469DC560957652073301AD2AF0AD926FA70F1D2A9B9179CC415268E4BCDA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058127Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:06.951{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A599F6A5C1C2E8B487ABA3711C0617A,SHA256=A6D0C4195CA9DD285975D623EEABDDFEC977286973A45192CD5F519BB7EBA6B2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872601Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:06.752{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=428DC88C2B67ADAF54A7611EF527EFB6,SHA256=B37F8302D4062842252C33537C59E1156AEA836E9DD90BAC23EBB35DB6AB9556,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058126Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:51.917{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58081-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8089- 354300x800000000000000059058125Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:51.761{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58080-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058128Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:07.958{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D413963563BB3C2A05014A1D1D758AA,SHA256=AC9C297ACCF888C402ABC139A0F5DFB30EFB16A0854BFF3A5B8140A31A66B2C0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872602Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:07.789{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A99D3FE5A5DDB98C14B7AFCCC55FC95,SHA256=439A24DDF5B761AABC8B095CE569251850C7180694761A9A6591851A5448E94C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058129Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:08.962{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=057D4AFE252F89E8DCA15D883ECFF665,SHA256=22AFC0F8BFEA5ACB1D55D70762FC56E4ACE5FA2A3B30A3300619D87495FBD445,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872605Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:08.820{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC178D9C5B124494154D173394EE9400,SHA256=065FA22F3548DEAC93EE5E4D36FD96F79A43B2F371C540BD7B578D4C9C198B91,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872604Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:08.270{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F4B541D36B23FA068C1921ABD072C2A0,SHA256=DD8F7A9CEC144D5BC8210E28D4782D5131B5D851D22982445E9B5100DF0B544B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872603Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:08.269{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FBC57BC63AED01F548748DF5A73087AA,SHA256=12737639AA80C0532A4F006CCEECA766F3C2EC3B8FEAD19D5613526292151423,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058130Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:09.977{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66059D8C1C46AB6577D99D030C89B766,SHA256=487EA0AE463EEC757D3988E85E7BC7D39D692D47A0EBA97CF6735CFB14CF070C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872606Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:09.850{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60FB5D0AB08E8643D82EADC486F1789E,SHA256=E3661AB1F7ECBB63C16F8AAD226CDC4F2360FD6C644EAC950CCB1D89EC6E72D7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058132Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:10.993{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6BBBBE59436DD1C93C68F70E06F7D00A,SHA256=FED46312D7D684F9A7B18B6453DCA3006511D4517878A189E4A84FF3FFCA5CE9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872608Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:10.886{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F55ADC0255BA291B8F99DCC4CB8AD0AF,SHA256=E8C4C983A86446B35E9B5D2C7D20BCDEE5B8B7578C44C7265464DFDC45D662CA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058131Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:32:56.896{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58082-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 354300x8000000000000000115872607Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.904{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61814-false10.0.1.12-8000- 23542300x8000000000000000115872609Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:11.948{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=633A1EE0EB9D98E3D24DEABDEB1F7BC7,SHA256=EF12E736C38B4C1B67129EC7990C389ED56DC4EF7D0273F3A8F58A20D13E9C29,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872610Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:12.968{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11CAF51C207E05268AC9859FCC79E13D,SHA256=319EE18074A73DEC419E8DF8A8D56D15628061BE3300923F379019714B5AF4E9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058133Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:12.009{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=87430B70E9FC3772AFD4D1F309928AE9,SHA256=CF84CEF5FE243AEBF214AE422EFA9FBDC756955B3E99A24D6BD11B4692481524,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058134Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:13.009{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6BAE19289FF8B3221C70B3B23C5288B1,SHA256=535A5376B00AA325F7B7223D1739AAE7DB136DA0C24A0CAAED1E82AAC7EF71AA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058135Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:14.024{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6777DDADB14116BD9FA6DC3A13BD05E,SHA256=C3571D643519888AAEEB33B5FE5D696F9DDBB6F076FA5449718015EBB1817000,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872613Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:14.099{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=52371AC5A047DD83B9408E42824A887C,SHA256=BB2EC450C4C6F738A0D92AB0827A925A1567026B15E76D491DB83B2D45E4F7E8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872612Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:14.099{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F4B541D36B23FA068C1921ABD072C2A0,SHA256=DD8F7A9CEC144D5BC8210E28D4782D5131B5D851D22982445E9B5100DF0B544B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872611Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:13.999{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68C8B20F24752909993C4F6AB0686B1C,SHA256=863930EB3C8183950F2987FB5818C7C4A3E4498EECDF95151D03A0ACBDE1A8E7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058136Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:15.040{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3FB6F7362E11ACF39891B68FB6093F25,SHA256=07E274631B2B19F77E335662C2CA343857E95D75F2F832D4978C458B1DD0070C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115872615Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:38.700{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61815-false10.0.1.12-8000- 23542300x8000000000000000115872614Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:15.029{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=583E422F658223FAD8AA960569C0708F,SHA256=5EC0A8B10F31415B19C71972E2EE9B219CD43DEACD10EDE94EF608D016376C02,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058138Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:02.834{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58083-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058137Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:16.056{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7C1956E4111B604D4304EF81C1FB8C67,SHA256=0849A6DE037884699EC1DC125A4651D39CD15FFBAFD9852FC384652461645183,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872616Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:16.062{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4328CB02A61F8D9E990614F038A2B892,SHA256=DE2C0002700D5426FC8B7F3A331D057F88DEF232AAA6185AB79FBB4B1F5FCA4F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872618Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:17.680{3BF36828-9799-6185-1100-00000000CC01}424NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=E106E0FCF3F5D97032147F267A1FB991,SHA256=88431812E10827FF9C64F9989B4543206ABF44E91A81DA422877B6CDE134EB57,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872617Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:17.097{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F90965132516A3149099426761F607D,SHA256=BDD63F357E7EB4F6522AC569454C5E9518BCF1C352180CF376AB57DE8D180D19,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058139Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:17.056{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D701C49607727B1BA60E1D9A7347F26B,SHA256=97388735FDE100691AB183F8E5C02064BCFD838E05B8671313D0F915DF512C0A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872619Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:18.127{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=311E9EAACADD9A16FAA42A2CAC5653BF,SHA256=B5012B65510C0A46AD1000A1E436BB27EF0597A3E39EC83AD9657DCB0FDE3336,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058140Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:18.071{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=023B0552247FF53F4B3BF2165DADC4B4,SHA256=5BF2146D2A2414B66914E569BBBCD65E9836A7BBB0ED91D2183E1CB5A9955821,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058141Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:19.149{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=87F6888311312ADF0AA8C30BA325DD0B,SHA256=C7D0840868EFEA5A09FCA4583B18B6B8BAA14DF419BBBEAA62A8C07116DD79C8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115872623Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:43.833{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61816-false10.0.1.12-8000- 23542300x8000000000000000115872622Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:19.195{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=62A80D66CDD1DF99FFD1A8FC4ABA7877,SHA256=23464C39BC5D587E5D866A26C9DC4963209B8C35267D0CA76A809F8DB2BE01F9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872621Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:19.195{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=52371AC5A047DD83B9408E42824A887C,SHA256=BB2EC450C4C6F738A0D92AB0827A925A1567026B15E76D491DB83B2D45E4F7E8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872620Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:19.160{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C6CE4BA494A989170EC3CC3533A8488,SHA256=EF88A5561F20B1329923EFEF5FFBA34778CD99A5DC605B2ED5A8917264B83706,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058142Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:20.384{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB01C1744324762B5B99493D62049E95,SHA256=F7C5116DA763A338AA7B72FFB616F129463B12F1A01D3CCA2839BDC541B963C3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872625Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:20.977{3BF36828-989D-6185-BF00-00000000CC01}2968NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9D45E1BDB6F237A6CF51FFC6A12E6130,SHA256=87EEE278CDF62B2B86AF9CB87BDB04BAFB10272CEA175D83979B0C43158C5AB9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872624Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:20.178{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A4D4B24B0008014B6FAABE009BD71C47,SHA256=5F9795C6772E35B7325DD233D58A393837FA175F068DD70543C0E33B976FB95D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058144Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:07.912{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58084-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058143Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:21.399{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11E9C172AD2D0AB205935F7526B84D7A,SHA256=0444AC855DF06035AD15DB43196E756BDA40FECD7B17CF9FF0F3E759323587F9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872627Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:21.961{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=62A80D66CDD1DF99FFD1A8FC4ABA7877,SHA256=23464C39BC5D587E5D866A26C9DC4963209B8C35267D0CA76A809F8DB2BE01F9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872626Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:21.193{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=080CDBB369C8AF39DBC752F1C4C98E80,SHA256=D09B5032347ADC9026B7DE6096130AD6891C73D2F2C08EDF038CE8810656B01E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058145Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:22.634{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE396777996A39FBE54F00CAA9909C74,SHA256=B0C4C21EF0BA276456CA63723BAC79B96ADCAB96707494DAC2EF7D3E485560A3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115872629Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:46.609{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61817-false10.0.1.12-8089- 23542300x8000000000000000115872628Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:22.223{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=888BA99FBB9BACCAD1E286EB30BF2193,SHA256=1250226E79DDD5FBDC16E9FFF6F27491A1E65774343F75586310A0B53803032F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058147Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:23.649{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B52BC1D08433F0388D1E3DE96CCD575,SHA256=105910F9C65A592BA13CA8D7B5EBACAD1ED81D9A8D21CB906358677C4002A722,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872631Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:23.591{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=963279E88D158FDDCB6CFDB7E4509A60,SHA256=53901AFEA51112C29F6E7934CFCB41AFD15B1CA5B09F38AFF62966E3726A6EC7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872630Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:23.257{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F89036B5C63EDD2830DADDCBB4E0A22,SHA256=9CA60259C5776264D09E9B391BCE8C629B285C862050519AD4641E9749277398,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058146Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:23.102{B81B27B7-28B2-6193-1300-00000000CC01}364NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=E5792FDC573EE81FF3757EFD1CF10AE3,SHA256=AF734E72C8FB0574AF1EC8CA7888BE6DBC82864A83E86DCD8F9C35A635EE822B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058148Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:24.712{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E264369C4E799BA449CC5B61A551585C,SHA256=3DD99868437FF54582C35B399EA2C7996512B32BF1A4E59CF10906446EA554D6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115872633Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:48.891{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61818-false10.0.1.12-8000- 23542300x8000000000000000115872632Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:24.275{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE4B20DEB63C7DCC310FF77B3B381091,SHA256=FF362F25050120BCFBAF5DAA0D2C4EE28C23F96716A962F08E4470A1DE4FE320,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058149Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:25.899{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F2814DAA1B9EBA315FE8F1EF04514616,SHA256=A3F01B84DBADCB57D5F31393DED80CE83ADF28C8AF58BFB3CC39D2519ED93331,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872634Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:25.290{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=015A6ABE4F6CC5234D5B3B9E816044FF,SHA256=B68E2D7F304AB45E319A0552B1F22F871DDCA95FDD03D65206D4C4DA90049E40,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058151Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:26.977{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0211A5E4781BA4486D4BCFE9C462D9CB,SHA256=79C9F68CF458C1E788813BDCA1A24E471D86A1AC2C25B1EFD6AB562D8E2E7B57,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058150Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:12.912{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58085-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x8000000000000000115872635Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:26.305{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2189BBE1823F8CE85F0B472E92E03E18,SHA256=1AA8C1DD5E1ADA84061DBEAAEF005475AA4381FAFA2EA813C61E00C5775A2C5E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872636Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:27.320{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E05DFDD74501DF9C0B583CAD65AD44F,SHA256=74E9BCD27525747588F62ED492210F4966B7ED5F0E205A372CA5F853423416E3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058165Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:27.653{B81B27B7-7A47-619D-DE36-01000000CC01}22241940C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058164Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:27.509{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7A47-619D-DE36-01000000CC01}2224C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058163Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:27.509{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058162Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:27.509{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058161Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:27.509{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058160Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:27.509{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058159Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:27.509{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058158Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:27.509{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058157Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:27.509{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058156Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:27.509{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058155Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:27.509{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058154Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:27.509{B81B27B7-28B0-6193-0500-00000000CC01}408424C:\Windows\system32\csrss.exe{B81B27B7-7A47-619D-DE36-01000000CC01}2224C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058153Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:27.509{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7A47-619D-DE36-01000000CC01}2224C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058152Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:27.494{B81B27B7-7A47-619D-DE36-01000000CC01}2224C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000115872662Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:28.755{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71B-619B-EA9E-02000000CC01}4372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872661Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:28.755{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71B-619B-EA9E-02000000CC01}4372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872660Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:28.754{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71B-619B-EA9E-02000000CC01}4372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872659Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:28.754{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71B-619B-EA9E-02000000CC01}4372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872658Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:28.754{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71B-619B-EA9E-02000000CC01}4372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872657Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:28.754{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71B-619B-EA9E-02000000CC01}4372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872656Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:28.754{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71B-619B-EA9E-02000000CC01}4372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872655Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:28.752{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71B-619B-EB9E-02000000CC01}6156C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872654Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:28.752{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71B-619B-EB9E-02000000CC01}6156C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872653Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:28.752{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71B-619B-EB9E-02000000CC01}6156C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872652Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:28.752{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872651Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:28.752{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872650Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:28.752{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872649Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:28.752{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872648Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:28.752{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872647Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:28.752{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872646Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:28.751{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872645Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:28.751{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872644Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:28.751{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872643Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:28.751{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872642Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:28.751{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872641Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:28.751{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872640Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:28.751{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872639Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:28.751{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000115872638Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:28.573{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1B66CA9352B2FECF8B4C97E1EBEC207D,SHA256=6952F0B040CAF0AFFA8DE7C05DECDB72B589A258DF29FC98191E1A1C04E5E8B1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872637Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:28.320{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C265C1CA160C2051FB40146DAD2856F3,SHA256=4B07811FA14A2D6FD44C4B5C06912F54031B9C24C3356B59CA4FDABC8C48EFF1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058194Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.888{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7A48-619D-E036-01000000CC01}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058193Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.888{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058192Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.888{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058191Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.888{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058190Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.888{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058189Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.888{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058188Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.888{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058187Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.888{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058186Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.888{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058185Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.888{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058184Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.888{B81B27B7-28B0-6193-0500-00000000CC01}408528C:\Windows\system32\csrss.exe{B81B27B7-7A48-619D-E036-01000000CC01}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058183Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.888{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7A48-619D-E036-01000000CC01}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058182Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.873{B81B27B7-7A48-619D-E036-01000000CC01}4936C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058181Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.497{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E9174B40963FBE82468FE973DAFCC867,SHA256=B19F79E278765F073BD8D7DDFA992FAA6745C7F6DC096FAA14459EE4E0B3108F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058180Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.497{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1D74227B766C88F954CF7272C04074BE,SHA256=1C208374804B01A1F0BA43081E1B7F87E03F815632647DADF086997CE66C4C02,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058179Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.200{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7A48-619D-DF36-01000000CC01}1820C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058178Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.200{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058177Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.200{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058176Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.200{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058175Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.200{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058174Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.200{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058173Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.200{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058172Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.200{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058171Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.200{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058170Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.200{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058169Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.200{B81B27B7-28B0-6193-0500-00000000CC01}408424C:\Windows\system32\csrss.exe{B81B27B7-7A48-619D-DF36-01000000CC01}1820C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058168Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.200{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7A48-619D-DF36-01000000CC01}1820C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058167Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:28.185{B81B27B7-7A48-619D-DF36-01000000CC01}1820C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058166Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:27.997{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8EA92900A5B7F022C8BAC0009F755AF6,SHA256=CE342C0A6FC1BF4F46AF4464A6D3D687FBE3579E11EA2D501ABC351AC813C913,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872663Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:29.335{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9AE50014C9345BEF5066B9E5FACD6472,SHA256=54CBB7350D91261CEA1A0AFEFF9FA3CF0FD4F83C7C8D1D16A56CB216E7534B71,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058195Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:29.169{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=00AAFB39A71B96970D22B8CE448C038F,SHA256=BD41B159CA43577CAD1200EDEACDC3DAE2B842AD895439569F5EB43061C8DF6C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872665Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:30.336{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B9E317CF00CE52BBDA5DED5EB73CD59,SHA256=2DFD818BAE2550EB87C83F5C6CD6578FB157FEEE60F531D72D18C94E8C01920B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058197Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:30.184{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D7FD092BD0147638ABE4681F1244BE5,SHA256=F39017AD43C636B1FAC451DF351483645B0B747A3543945984A17FBE1DE579B4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872664Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:30.136{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E3E708C29FB8ACAAC8A39DB25B014D21,SHA256=1AEDDBA88BB23313CEAF0F36AAA68796DE78F6AFCD63833B36F1228B0412F75D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058196Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:30.044{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E9174B40963FBE82468FE973DAFCC867,SHA256=B19F79E278765F073BD8D7DDFA992FAA6745C7F6DC096FAA14459EE4E0B3108F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115872667Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:54.788{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61819-false10.0.1.12-8000- 23542300x8000000000000000115872666Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:31.372{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=729496495CBF58A5F57C211DEDCE9E72,SHA256=390A13F9C78B95D63CCF65E844D10A62510D84DF542FB2CD127F583F5E81AB41,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058198Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:31.247{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A0C3786A70B1A6F29A38111B51E7A873,SHA256=2F8088174AA294B0AD586CBF95745ED05AB292E770DD732454E7905B79F3A33B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115872767Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.871{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115872766Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.871{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115872765Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.871{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115872764Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.871{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115872763Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.871{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115872762Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.871{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115872761Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115872760Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115872759Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000115872758Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115872757Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115872756Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115872755Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115872754Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115872753Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115872752Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115872751Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115872750Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115872749Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115872748Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115872747Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115872746Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115872745Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115872744Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x8000000000000000115872743Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115872742Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115872741Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115872740Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115872739Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115872738Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115872737Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115872736Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115872735Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115872734Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115872733Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115872732Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 23542300x8000000000000000115872731Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2AA8F8402C7014C1B5C5B418471470DC,SHA256=6AEC16F568E54BC33054F64D6EEF0A1A01149953DF447EA561ADD5DF5DDE5FC2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x8000000000000000115872730Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115872729Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.855{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115872728Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.854{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115872727Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.853{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115872726Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.853{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x8000000000000000115872725Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.853{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872724Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.853{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872723Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.852{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872722Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.852{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872721Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.852{3BF36828-9797-6185-0500-00000000CC01}420536C:\Windows\system32\csrss.exe{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115872720Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.852{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115872719Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.834{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000059058200Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:18.760{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58086-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058199Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:32.263{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=452C738FC63B7341469A2EEBBB9AB4C4,SHA256=0410D590120531B9054C741121645AF20E96DEB525AB27430883E88514DDCC1D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115872718Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.334{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000115872717Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.318{3BF36828-7A4C-619D-76D0-02000000CC01}43683640C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115872716Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.318{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115872715Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.318{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000115872714Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.187{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115872713Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.172{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115872712Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.172{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115872711Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.172{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115872710Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.172{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115872709Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.172{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115872708Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.172{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115872707Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.172{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115872706Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.172{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115872705Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.172{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115872704Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.172{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115872703Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.172{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115872702Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.172{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115872701Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.172{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115872700Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.172{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115872699Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.172{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115872698Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.172{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115872697Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.172{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115872696Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.172{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115872695Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.172{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115872694Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.172{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000115872693Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.172{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115872692Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.172{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115872691Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.172{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115872690Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.172{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115872689Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.156{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115872688Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.156{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115872687Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.156{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115872686Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.156{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115872685Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.156{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115872684Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.156{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115872683Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.156{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115872682Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.156{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115872681Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.156{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115872680Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.156{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x8000000000000000115872679Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.156{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115872678Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.156{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115872677Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.156{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115872676Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.156{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115872675Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.156{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x8000000000000000115872674Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.156{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872673Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.156{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872672Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.156{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872671Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.156{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872670Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.156{3BF36828-9797-6185-0500-00000000CC01}420436C:\Windows\system32\csrss.exe{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115872669Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.156{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115872668Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:32.151{3BF36828-7A4C-619D-76D0-02000000CC01}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000115872829Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.903{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52B949DF539538CA9B7AD94D602346EF,SHA256=1D162ADBB4E99E50ECE9487E474B6F18964C93B659B9FB49656C1C964F09378E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058201Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:33.278{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2AF4AD507CBAD5BD06780088D10DA10,SHA256=97399EBE6255B5257260E6180FB16B84DB34B8B78EE676A8DA2CF38DEE507AD8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872828Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.819{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFC5130889B98A9726E9CBBAD53F5305,SHA256=0B3B7773B0724A0744874C603C6BA6874098D4F3D43DDD3D4ABFF9129C6EB344,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115872827Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.735{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000115872826Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.735{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115872825Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.735{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 10341000x8000000000000000115872824Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.735{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+19544|C:\Windows\system32\taskmgr.exe+1a290|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872823Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.735{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+1e590|C:\Windows\system32\taskmgr.exe+1a25e|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872822Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.735{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+1ea6a|C:\Windows\system32\taskmgr.exe+1a0d0|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872821Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.735{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+b1cf|C:\Windows\system32\taskmgr.exe+1a084|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872820Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.735{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+b2b8|C:\Windows\system32\taskmgr.exe+19d0d|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115872819Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.572{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115872818Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.572{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115872817Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.572{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115872816Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.572{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115872815Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.572{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115872814Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.572{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115872813Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.572{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115872812Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115872811Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115872810Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115872809Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115872808Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115872807Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115872806Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115872805Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115872804Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115872803Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115872802Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115872801Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000115872800Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115872799Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115872798Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115872797Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115872796Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115872795Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115872794Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115872793Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115872792Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115872791Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115872790Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115872789Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115872788Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115872787Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115872786Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x8000000000000000115872785Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115872784Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x8000000000000000115872783Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115872782Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115872781Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115872780Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115872779Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x8000000000000000115872778Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872777Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872776Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872775Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872774Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-9797-6185-0500-00000000CC01}420436C:\Windows\system32\csrss.exe{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115872773Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.557{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115872772Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.536{3BF36828-7A4D-619D-78D0-02000000CC01}6596C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000115872771Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.155{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=51065CBBEDB93BC1A3DFA58D22D42E29,SHA256=27B61556F98F20979572D7A8E11D7A5C5E6EECB0C9392B527221C877332802E3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x8000000000000000115872770Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.019{3BF36828-7A4C-619D-77D0-02000000CC01}72004232C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115872769Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.019{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115872768Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:33.019{3BF36828-7A4C-619D-77D0-02000000CC01}7200C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000115872929Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.976{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115872928Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.976{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115872927Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.976{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115872926Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.976{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115872925Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.976{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115872924Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.976{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115872923Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.976{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115872922Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.976{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115872921Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.957{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115872920Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.957{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115872919Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.957{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115872918Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.957{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115872917Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.957{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115872916Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.957{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115872915Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.957{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115872914Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.957{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115872913Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.957{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115872912Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.957{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115872911Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.957{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000115872910Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.957{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115872909Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.957{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115872908Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.957{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115872907Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.957{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115872906Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.957{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115872905Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.957{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115872904Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.957{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115872903Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.957{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115872902Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.957{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115872901Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.955{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115872900Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.955{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115872899Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.955{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115872898Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.955{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115872897Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.955{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115872896Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.955{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115872895Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.955{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x8000000000000000115872894Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.955{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115872893Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.954{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115872892Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.954{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115872891Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.954{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115872890Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.953{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x8000000000000000115872889Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.953{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872888Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.953{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872887Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.953{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872886Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.953{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872885Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.952{3BF36828-9797-6185-0500-00000000CC01}420436C:\Windows\system32\csrss.exe{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115872884Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.952{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115872883Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.935{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058202Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:34.294{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3CC2B40B5360C4268BF2961D2A56E572,SHA256=8637ED02F33E3AE359C7A5EEF84BD4DEECC950F753896CC90C94EDE73524FB1C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872882Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.556{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=13919DEA75E212A11508262D5E304872,SHA256=C9AF1D363C5A0E437EAF942A16625EEF101456E7A63BD685828BBD8D10F606C1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115872881Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.403{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000115872880Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.403{3BF36828-7A4E-619D-79D0-02000000CC01}9564184C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115872879Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.403{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115872878Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.403{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000115872877Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115872876Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115872875Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115872874Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115872873Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115872872Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115872871Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115872870Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115872869Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115872868Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115872867Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115872866Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115872865Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115872864Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115872863Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115872862Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115872861Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115872860Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115872859Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115872858Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115872857Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115872856Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115872855Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000115872854Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115872853Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115872852Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115872851Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115872850Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115872849Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115872848Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115872847Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115872846Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.256{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115872845Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.255{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115872844Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.255{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x8000000000000000115872843Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.255{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115872842Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.255{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x8000000000000000115872841Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.254{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115872840Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.254{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115872839Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.254{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115872838Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.253{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115872837Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.253{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25trueSplunk, Inc.Valid 10341000x8000000000000000115872836Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.253{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872835Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.253{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872834Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.252{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872833Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.252{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872832Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.252{3BF36828-9797-6185-0500-00000000CC01}420536C:\Windows\system32\csrss.exe{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115872831Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.252{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115872830Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:34.235{3BF36828-7A4E-619D-79D0-02000000CC01}956C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058203Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:35.309{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=42DCAC270D53518D9FE573860417E41F,SHA256=739A44D532111D18930E78416897F6A38B134841587C887CA2E6438B0267983F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115872995Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.787{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000115872994Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.787{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115872993Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.787{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 10341000x8000000000000000115872992Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.771{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+19544|C:\Windows\system32\taskmgr.exe+1a290|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872991Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.771{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+1e590|C:\Windows\system32\taskmgr.exe+1a25e|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872990Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.771{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+1ea6a|C:\Windows\system32\taskmgr.exe+1a0d0|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872989Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.771{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+b1cf|C:\Windows\system32\taskmgr.exe+1a084|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872988Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.771{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+b2b8|C:\Windows\system32\taskmgr.exe+19d0d|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115872987Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.655{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115872986Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.655{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115872985Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.654{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115872984Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.653{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115872983Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.652{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115872982Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.651{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115872981Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.651{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115872980Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.651{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115872979Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x8000000000000000115872978Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115872977Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115872976Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115872975Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115872974Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115872973Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115872972Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115872971Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115872970Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115872969Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115872968Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115872967Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115872966Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115872965Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115872964Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115872963Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115872962Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115872961Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115872960Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115872959Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000115872958Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115872957Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115872956Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x8000000000000000115872955Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115872954Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x8000000000000000115872953Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x8000000000000000115872952Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x8000000000000000115872951Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x8000000000000000115872950Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115872949Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115872948Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x8000000000000000115872947Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115872946Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115872945Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115872944Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115872943Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 10341000x8000000000000000115872942Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872941Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872940Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872939Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115872938Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-9797-6185-0500-00000000CC01}420436C:\Windows\system32\csrss.exe{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115872937Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.634{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115872936Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.619{3BF36828-7A4F-619D-7BD0-02000000CC01}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000115872935Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:59.887{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61820-false10.0.1.12-8000- 734700x8000000000000000115872934Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.156{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000115872933Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.156{3BF36828-7A4E-619D-7AD0-02000000CC01}4086232C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115872932Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.156{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115872931Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.155{3BF36828-7A4E-619D-7AD0-02000000CC01}408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x8000000000000000115872930Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:35.020{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C77C7FE2BE2030CBC6ACBD3C6B750F5F,SHA256=AE8F74C7AA57F0FB477574FC5C1A3ECE1DE7C70DF97BB0DFD8E35647EF41B3F9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058204Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:36.325{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E19A841F42FD92289B2CF0AD3E08619,SHA256=DB0B15C3BDA35013AFBBB7CEF522F2DAFF31CB7C074568B42EC725B3D33D764E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115873049Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.317{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000115873048Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.317{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115873047Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.317{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000115873046Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.171{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115873045Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.171{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115873044Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.171{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115873043Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.171{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115873042Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.171{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115873041Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.171{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115873040Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.171{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 23542300x8000000000000000115873039Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.171{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=176AAA92D5E649CFFF53BF129C663B02,SHA256=0944172FD3779BEE8E841D6092BA235F2021EB8803B2C1DAAB39E0E460AC0FD5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115873038Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115873037Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115873036Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115873035Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115873034Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115873033Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115873032Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115873031Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018trueMicrosoft WindowsValid 734700x8000000000000000115873030Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115873029Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115873028Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115873027Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115873026Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115873025Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115873024Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115873023Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115873022Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115873021Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115873020Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115873019Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115873018Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115873017Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115873016Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115873015Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115873014Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x8000000000000000115873013Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115873012Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115873011Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873010Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x8000000000000000115873009Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115873008Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115873007Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115873006Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873005Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x8000000000000000115873004Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873003Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873002Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873001Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-9799-6185-0C00-00000000CC01}844924C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873000Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-9797-6185-0500-00000000CC01}420436C:\Windows\system32\csrss.exe{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115872999Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.155{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115872998Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.137{3BF36828-7A50-619D-7CD0-02000000CC01}5480C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000115872997Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.133{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=42838E6F69E224664FD7D79621F886EB,SHA256=BFB216F601D2D3560A41DD94147B4F0D5304B33E972B2086CAB4F590A1A58FCE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115872996Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:36.133{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DB9EB596E1A1BA2EBDF363019376935D,SHA256=644AF124F2EEF55D2744871CFB77F3D961992D22DD24B55A4965D8D1BEFF9884,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058219Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:37.856{B81B27B7-7A51-619D-E136-01000000CC01}6882152C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058218Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:37.669{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7A51-619D-E136-01000000CC01}688C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058217Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:37.669{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058216Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:37.669{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058215Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:37.669{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058214Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:37.669{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058213Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:37.669{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058212Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:37.669{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058211Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:37.669{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058210Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:37.669{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058209Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:37.669{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058208Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:37.669{B81B27B7-28B0-6193-0500-00000000CC01}408384C:\Windows\system32\csrss.exe{B81B27B7-7A51-619D-E136-01000000CC01}688C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058207Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:37.669{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7A51-619D-E136-01000000CC01}688C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058206Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:37.654{B81B27B7-7A51-619D-E136-01000000CC01}688C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058205Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:37.341{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6C466EB26C73EA5D18A4BED3F25D190,SHA256=62209BEAF5662EFC27418A7B2EAE1C24F150B45221B911B6964B75CCBC8ACC76,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873053Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:02.071{3BF36828-9797-6185-0B00-00000000CC01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local61821-true0:0:0:0:0:0:0:1win-dc-128.attackrange.local389ldap 354300x8000000000000000115873052Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:02.071{3BF36828-97A9-6185-2800-00000000CC01}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local61821-true0:0:0:0:0:0:0:1win-dc-128.attackrange.local389ldap 23542300x8000000000000000115873051Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:37.271{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF6FD6F76EAF9DD4AA241BAFF85DC210,SHA256=C131B71244F04CE86A84C2269A0CB04A5EE104EEB2A594E7DE4B9EF646FAA3DC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873050Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:37.154{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=53B535DF3727AACB8098BD62DD294085,SHA256=8BE29E89628B86FDF593B153DD6F1CD7EB3E80934F330998A2D33CA9BEA218D1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873054Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:38.171{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BCF19C07A012FCE371A2FA729AB99881,SHA256=4AE113E56740FBF857171290C2049A56CA1A42B240DB1105B5D4AD6CD72C5FD8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058236Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:38.653{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=846507D3C5046D59ADC199572AADC964,SHA256=C9554067B04F1E63BEA917CA3EED12EE8657F0BF544BA71C0BFD0C326E681641,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058235Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:38.653{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5E9ABF503960452379F57C49FEA5711E,SHA256=CD1CFEC6CFDD53FCA631E77E47457C02A343C1BB13A57C0AFF6FC113A227A6A9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058234Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:38.497{B81B27B7-7A52-619D-E236-01000000CC01}3536420C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000059058233Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:38.356{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B56045DDE6500F530D197DBCE73204A8,SHA256=C1EAF81F7012BA163C2BA96412FD026604C980D7C05ED89B88F64C53AB7B6E37,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058232Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:38.356{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7A52-619D-E236-01000000CC01}3536C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058231Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:38.356{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058230Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:38.356{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058229Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:38.356{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058228Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:38.356{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058227Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:38.356{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058226Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:38.356{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058225Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:38.356{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058224Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:38.356{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058223Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:38.356{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058222Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:38.356{B81B27B7-28B0-6193-0500-00000000CC01}408384C:\Windows\system32\csrss.exe{B81B27B7-7A52-619D-E236-01000000CC01}3536C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058221Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:38.356{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7A52-619D-E236-01000000CC01}3536C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058220Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:38.341{B81B27B7-7A52-619D-E236-01000000CC01}3536C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000115873055Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:39.185{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B7FAF10D35500D5CF2E347DF2B5F1BD,SHA256=8DF55E0E5EAA974ACFE6B5AA2A87CA8034B3923D04F9BBA303536CE2706A261A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058265Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.856{B81B27B7-7A53-619D-E436-01000000CC01}40284724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058264Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.731{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7A53-619D-E436-01000000CC01}4028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058263Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.731{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058262Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.731{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058261Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.731{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058260Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.731{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058259Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.731{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058258Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.731{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058257Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.731{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058256Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.731{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058255Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.731{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058254Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.731{B81B27B7-28B0-6193-0500-00000000CC01}408424C:\Windows\system32\csrss.exe{B81B27B7-7A53-619D-E436-01000000CC01}4028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058253Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.716{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7A53-619D-E436-01000000CC01}4028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058252Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.717{B81B27B7-7A53-619D-E436-01000000CC01}4028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058251Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.388{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41C86FF88292C7CD0F43CD09D5EBBB53,SHA256=DA749CFDF1626F6EEB8EBA79293CF2FB022B36C66251837E1A12DA6EEDE65024,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058250Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:24.791{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58087-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 10341000x800000000000000059058249Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.044{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7A53-619D-E336-01000000CC01}4868C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058248Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.044{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058247Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.044{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058246Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.044{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058245Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.044{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058244Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.044{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058243Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.044{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058242Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.044{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058241Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.044{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058240Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.044{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058239Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.044{B81B27B7-28B0-6193-0500-00000000CC01}408424C:\Windows\system32\csrss.exe{B81B27B7-7A53-619D-E336-01000000CC01}4868C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058238Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.044{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7A53-619D-E336-01000000CC01}4868C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058237Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:39.029{B81B27B7-7A53-619D-E336-01000000CC01}4868C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058267Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:40.403{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=396710445585E3676F4DD4328C40DA13,SHA256=D5692CCA6EA7B0076E18E03D8567E986EF5BBD14D2F2C6C6F5899E5A82824777,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873056Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:40.200{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3922AD5CC6DF48EC515C0411BD7B88D7,SHA256=4E859762E2E953DDD4EBFD623F4D440CD0DE9C54B3811D5E4579B25A444B0296,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058266Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:40.059{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=846507D3C5046D59ADC199572AADC964,SHA256=C9554067B04F1E63BEA917CA3EED12EE8657F0BF544BA71C0BFD0C326E681641,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058268Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:41.419{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D4D338EFC55830215CC7500DB120E7A6,SHA256=8E3498E4D2FC5E1C2C96483C51064A500CC9B73A82397C12FEFE0A5881C9AFC8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873059Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:05.737{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61822-false10.0.1.12-8000- 23542300x8000000000000000115873058Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:41.219{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F69C54EC18E44A436AF500B11CE2E6F,SHA256=FA7A3833F3431EADF106740F66BACDB5D24F803573B5A895E99F219A3596E83D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873057Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:41.088{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DD13B4E3245A7F4DC6176CF07708D75A,SHA256=FD9CBABAB69AE9C1F18E6B1E9C2BC850D020DFDC59EB0DD158D2898841BB474C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058269Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:42.638{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B6971868324E8B22E05A794D72BA011,SHA256=7045489D836FEC2D997188F15D18287B77DF34E36DF9D6D312DF1BD959A1BD9A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873060Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:42.251{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=244D4D7AB81888804FC1F36B5E2E6496,SHA256=7C75A217E62A6A95FB4111ED7F95FB43ED2DA6E089F5E0CC8D309849E838181D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873062Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:43.586{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7D6027385ABFBC4E2EA3FBB91BF10973,SHA256=774A938814FF30AD44468F79EB4F67878180C6E6D2ABAD191DE1130AEAD63EC3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873061Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:43.286{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C6ECA1E9F88DC6E723C9E3714511262,SHA256=9A93C4A4A2B93AF7D06DFA51926B44F3E258D8BBF9EF1B4BAE4176E7FB60C07C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058270Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:43.653{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48E9955AFB3B804981464BDD81FC0B0E,SHA256=4C6B94946E8557B6F1B7B74C186DC8F801D7629F000D8392EE7CFBA419456619,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058273Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:44.669{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8AA6222139E751A001AEAB5C575B6916,SHA256=E3CE49856EA97EEF8A82C5E16496346BE45E89537D8B9CE4D24731C464D46215,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873067Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:09.073{3BF36828-9797-6185-0B00-00000000CC01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.15ip-10-0-1-15.us-west-2.compute.internal58089-false10.0.1.14win-dc-128.attackrange.local49672- 354300x8000000000000000115873066Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:09.071{3BF36828-9799-6185-0D00-00000000CC01}904C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcptruefalse10.0.1.14win-dc-128.attackrange.local61823-false10.0.1.15ip-10-0-1-15.us-west-2.compute.internal135epmap 10341000x8000000000000000115873065Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:44.354{3BF36828-9799-6185-1600-00000000CC01}12728084C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2E00-00000000CC01}2972C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873064Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:44.354{3BF36828-9799-6185-1600-00000000CC01}12728084C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2E00-00000000CC01}2972C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000115873063Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:44.301{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3B6D87B52C17E8756CAA13406DD705C8,SHA256=143D576A9EEFFCD791637B7E9121EB7E9C1F6B226626654EC7C726753EDDDEE2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058272Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:44.435{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=57555A7B538680437BADE93A0E39484A,SHA256=C7886E497A544EEE4C1C97CB2ED7DD748DDA9002C571BC618DA4ED578B985E10,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058271Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:29.900{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58088-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058276Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:45.888{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDF770E34DBE1261261200CB102DA0A7,SHA256=2191A00BF2C0F23A3DA078CC6594905EE4EC49A1A8CB09553F55046C2BD80658,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873068Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:45.315{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=38E55DBCCD69396828EB0A95FE63C3D2,SHA256=0B229372EAD1C79FA048FA219E020EE68D34CDB81FC2C0956AB1EFC61AE4957E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058275Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:31.100{B81B27B7-28B1-6193-0C00-00000000CC01}644C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58089-false10.0.1.14-49672- 354300x800000000000000059058274Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:31.098{B81B27B7-28B1-6193-0E00-00000000CC01}824C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse10.0.1.14-61823-false10.0.1.15win-host-987.attackrange.local135epmap 23542300x800000000000000059058277Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:46.919{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=45C15909F9F80CD94528CEA6C644C3A8,SHA256=62687FC7ACF4573D812770868CF84E86B10A95771D2D88AD152CB814796A26AE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873071Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:10.753{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61824-false10.0.1.12-8000- 23542300x8000000000000000115873070Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:46.383{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C661F356ECA94311175AE527BD6E7E0E,SHA256=E7010FE03F7213AB4DC4EC493F9614FA86A8ED87FA195BF1996E742F83E9FF71,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873069Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:46.115{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=716997E8769CA79843675D8C8AE353B1,SHA256=334ADAFC5B2C21EA7426103002D183316B17238776CA893158DA65641F877CA8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058278Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:47.923{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=259F7A25917BC726C02B7ECE7CE26811,SHA256=053C3A77825D5D8DACF26D0DD5E6FBDDD1348F973B75BEC5208F1BB54CF85168,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873072Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:47.398{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=087B682E1875D3B2BC2B5E71B399F617,SHA256=2AC0312DD3E572FA967AD287905F323FADCE36C5AF07DE2B42C414FAA64859FC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058280Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:48.939{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7CB0F7E4887FB71E06DFBAD230C3DA74,SHA256=9B7F4C8A8DAA3F452FBA59D64654CC86231B372129AE656DDCDC4A827A40B632,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873074Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:48.581{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9525F2614F8B14018414190612BDF892,SHA256=835250B8F39DA4E61836EECDE8DC7C48C662F57E5A0901E6E687E9A6EB89BB79,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873073Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:48.412{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=54D9E40F1A6A21AF6564D66538D8B50A,SHA256=3D6AAD85466010F374997493CCBFA6F48A716F9039796CB756D6A1B4BB4A6C1B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058279Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:34.900{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58090-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058281Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:49.955{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F3642B2DF90BEDE831B05FAEF8602AC,SHA256=3E10A29DD2859842587F2B85BA4F2CEDBDB5F88FBB012BAA9EB595490C32B90D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873075Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:49.445{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=42E98F88DA6DBAEC248ADE67538B31AB,SHA256=9BDD7E29FFD86F0BF19C5D1602DF6DAE9ECD788EF2D78B230780432B91703F69,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058282Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:50.970{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=533615894F3D238893393FAE1D3D6471,SHA256=AA91FFBB9200A74D9C414E674504896C1F8F397FD30C0F7989F6AF2EE5ADA765,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873076Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:50.464{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=80747D0B9E7B413665635023D406E2E7,SHA256=877F4DC3BA89559B3BD41388AC17C1F1DBCEA36FA95E42696B4E2600DC5BD672,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x8000000000000000115873081Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:51.710{3BF36828-8A4E-6195-DEE0-01000000CC01}31245612C:\Program Files\Mozilla Firefox\firefox.exe{3BF36828-8A4E-6195-DFE0-01000000CC01}4364C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+381b0|C:\Program Files\Mozilla Firefox\firefox.exe+380a6|C:\Program Files\Mozilla Firefox\firefox.exe+49680|C:\Program Files\Mozilla Firefox\firefox.exe+4937c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873080Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:51.679{3BF36828-8A4E-6195-DEE0-01000000CC01}31245612C:\Program Files\Mozilla Firefox\firefox.exe{3BF36828-8A4E-6195-DFE0-01000000CC01}4364C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+381b0|C:\Program Files\Mozilla Firefox\firefox.exe+380a6|C:\Program Files\Mozilla Firefox\firefox.exe+49680|C:\Program Files\Mozilla Firefox\firefox.exe+4937c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000115873079Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:51.642{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\cache2\doomed\8813MD5=3BEAD2D0325C3B90154ED9DA6A5A67E3,SHA256=E643060020911FEDC8EEBDBCBD9BAFB69394DABA1817539147E67A9CC6E3CA8F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873078Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:51.479{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=674D8733F4A1CC7A53DA5763709823A2,SHA256=55A2D1C3C535E28BB9F90DBA368228651308FF7D45F7CA893856C34678D80C12,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873077Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:51.144{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AA652CFDBAF461296FB08E6ADD0511F8,SHA256=B52F0225B64DD63F9F4F3EF5D158F16CF2A20BB4F9D7F3BA995F25F6DE658096,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058283Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:52.205{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F6E767EF937773CFBDC2C286A0B5560E,SHA256=D7D4DA29B9992E4653E589664E83B69178D07126CD4B823E51E89D6AFE16F212,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873088Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:17.181{3BF36828-8A4E-6195-DEE0-01000000CC01}3124C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-128.attackrange.local61826-false34.117.237.239239.237.117.34.bc.googleusercontent.com443https 354300x8000000000000000115873087Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:17.161{3BF36828-97A9-6185-3200-00000000CC01}2360C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local63076- 354300x8000000000000000115873086Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:17.160{3BF36828-97A9-6185-3200-00000000CC01}2360C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local61797- 354300x8000000000000000115873085Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:17.158{3BF36828-97A9-6185-3200-00000000CC01}2360C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local58948- 23542300x8000000000000000115873084Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:52.509{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C5554FD9E93A1E5D5A8F47B2DFD4C611,SHA256=2F49421E6936078F02FB996B40A47A20497E0FECC3FD52BC6B6399B0612C0F0C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873083Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:52.509{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7588FA8E9EDC6EE94455760D5B0DF788,SHA256=D4CF53E898E8AE246B76B8D4328142EE6616A20C9EE60DFF3C88D09FEC9ABDDE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873082Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:15.781{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61825-false10.0.1.12-8000- 23542300x800000000000000059058284Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:53.377{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=258162B6484312CD3BFB79643DFBB247,SHA256=3FBC53CDD5757461DE16AA300EB25FD82C2C7B24FBC23B87C5885D17E39FC29A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873090Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:53.523{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F2D462D910652677D255D28F9329935E,SHA256=B984B7E16B6E2CD7244651C4F4C0E0E3851932411A3F61410A69712998A24C97,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873089Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:17.264{3BF36828-8A4E-6195-DEE0-01000000CC01}3124C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-128.attackrange.local61827-false34.120.115.102102.115.120.34.bc.googleusercontent.com443https 23542300x8000000000000000115873091Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:54.526{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=623CC66C92380D872797DE9492BE0F29,SHA256=5E3ABB78699857D30678E42607B04746A9709B1A2FE55F869B189CB5BE42080E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058285Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:54.564{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AADFF0199EC7E176810AF154A53C516E,SHA256=205E36504C6261223FAEE12C0317ECDBAE34E6A1E4B719CDD26765550B1A96E7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873092Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:55.579{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E5AA36864988381EB56E8FB5EFBEF0E,SHA256=9F70817E1B42E66CB04C70C9592B3DEEEB41ED579FB04B9DF344813D701A78C6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058287Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:55.582{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6CC94775A8076F7A9F89EA33A0BFCCF9,SHA256=037A2D4E0104EA6DD8F087D7BD2B75204FEF3DF6E2DA5E3DBA7337776237AABF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058286Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:40.826{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58091-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x8000000000000000115873095Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:56.626{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\cache2\doomed\28407MD5=DB08E99857008AE717DAA4FBEAF9F368,SHA256=2D53479C18E654BA7F8ACAB7FEEAE7D0A0E36DEEE8490E0C08919C93FAD55A8D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873094Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:56.610{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B2584C4585EC8C2D30D27D264D32CDB,SHA256=F40D4210E15B29A0A24F611DB70380D6C8655C269AB3879848AACBC5921062E9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058290Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:56.595{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B80A2DC0F063AB7D2E77BC0063C9B12,SHA256=341BEECC4AE058989D1A7C0E850D700A38DFDF77E360AD99FFFC2E8F2BC2361B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873093Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:56.179{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D8E1A9908CDBBD74EE29D68B65D51B69,SHA256=AB959763706CF0721E66F5A241A579A83FA4EA076788BC0F27B0C6EAFAA17514,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058289Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:56.424{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D54DBF4741555D9BE786996EFB8E2E21,SHA256=2FB0B7DC0B5BE58AD599E33FE014613CB9AFB6AFD63EB0D9801529C5B040E63D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058288Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:56.424{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=27E2D36DB815931F06A0A2DDD2E24BC7,SHA256=096DFC01102649E775CCBEA905D25DB8BC4439F36CCC04117A17D1D705366386,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873097Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:57.625{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD1BE3851AF9B95E268198EC8760F06E,SHA256=1F3FB9E8AFE3D4EE5A3C91B4188CF97D9F1BF878B355631C04120E768FCFF931,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058291Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:57.611{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E289BCA62FF50BD68F4BAC14CCE3BA15,SHA256=FE9935A22EE32AD9A9131F831A07B9FD29FBE02E5B5A4780515811DD2C8A937E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873096Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:20.816{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61828-false10.0.1.12-8000- 23542300x800000000000000059058292Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:58.673{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=206E8A6BBAACB348E8612ADCED0917DE,SHA256=1E5A567873C082E87F67DE824F8D4C3C327D1194330EB9D513E8BAB98C6EE3DE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873098Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:58.642{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A3B7A7363596A2028DDB08BE33F661FA,SHA256=36B84DBE7A9BE4DDBF12C7E19DD74F5F773CBD2D07003158E832022DC2DA89F1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058293Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:59.877{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=36ADDF240A6FEBED938353B3E5A41F06,SHA256=0A18DAE48D573D5EA87276CC58E2EB0544A417050ADC3828DCC61E47491C2C83,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873099Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:33:59.660{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C968591D93688F76469B9FE36133FD5,SHA256=308CBFF6F5A7F27A65FFE177745A9072D104F585B2464C99F590D90A30B0D2BB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058294Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:00.923{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=12DA94EDE7237E26EDA1BDFE560AFC76,SHA256=7233995695964349105B8D25C7D2BC7AE4559BD0D219FB093B6AD8FE8A6DC371,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873100Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:00.690{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C8A9C173D711EEE41C2C73D6DB32E50,SHA256=5522A6E4E08A59B38D761D9A3ABF2A4A74EB8D0F4139FDBE1DCB1B842BA489ED,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058296Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:01.970{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A0EE566B821E07DEE721A87D2388B94C,SHA256=94A522437A1B505A6EC37F23673B0DA1629C0A1C849E5D7378A8A20217D888D0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873101Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:01.738{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B5D2CD61247F299EB14E4B0A968795D6,SHA256=5F2EBE22B3BE12E54FAA8128C2D99B4A0938021A651EED2C85EA7514231BFB8D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058295Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:46.795{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58092-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x8000000000000000115873104Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:02.838{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB4184465B6DA5AE0BFBFC0C5420D5D6,SHA256=F3088EEB8E692C5313CCE4DCDA3811B0C3D0AA249358C53C9E021CFA3237A0E2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873103Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:02.138{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=28A3B1D5FBABF23A0DEB3407EDA54F69,SHA256=98CD4C54EDB886079EC7BD041FC54A0444A4FB6D8C4DBFA250D4011E93F8CF3D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873102Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:02.138{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6A788FD806C41DD31877B215F2507A8B,SHA256=CA7312A04EDB1BEB9576B87BC551A9D8EBF8A05A867C6C0C0958FE400A4D0FAE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873110Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:03.873{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE8C87D8FEE5E9F472689D95F645AA00,SHA256=4A54661F0F9D1EF3DB45278F51ECB43628011FEB5338E1DC6AC45A27B0781E11,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058297Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:03.111{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C0C3D49B8C8BA25D8951FBC4E839003,SHA256=E790582B55E6A4610DA5F8826A998E0B022661EB6AF315FB7D9B7B7D94795679,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x8000000000000000115873109Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:03.839{3BF36828-9797-6185-0B00-00000000CC01}6364356C:\Windows\system32\lsass.exe{3BF36828-9792-6185-0100-00000000CC01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 23542300x8000000000000000115873108Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:03.589{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\v9017qz8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873107Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:03.589{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\v9017qz8.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=28F7A7F73AB21C10AB30E19826728864,SHA256=7EA241E73050CED40E33283D46E7E4BB5F1E96277815ED9814EE5A772F7C9BE3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873106Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:03.574{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=28A3B1D5FBABF23A0DEB3407EDA54F69,SHA256=98CD4C54EDB886079EC7BD041FC54A0444A4FB6D8C4DBFA250D4011E93F8CF3D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873105Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.774{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61829-false10.0.1.12-8000- 23542300x8000000000000000115873112Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:04.876{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C6A9A82466321C68A2B5499B40D3C44,SHA256=88FED7A2683E9A060D45A6BE3CD1D8FC708A9A9FC04758636533C95C23E12E87,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058299Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:04.267{B81B27B7-28B3-6193-2C00-00000000CC01}2332NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9D45E1BDB6F237A6CF51FFC6A12E6130,SHA256=87EEE278CDF62B2B86AF9CB87BDB04BAFB10272CEA175D83979B0C43158C5AB9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058298Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:04.220{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C30FEDB98427864DAEB5BAB0E8A497F,SHA256=EBF36B09AE4DBE2D34D3CF5FE89E647837B434ADD1F38BF01BF7FF37B69C9B30,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873111Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:04.845{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AC5366A8A34606BBF20875E9F6A08484,SHA256=156E170C08328335829070B822CA54724F8739FFB175CDB4DB92EF5610A47D8B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873115Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:05.922{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C2B0BAF43B18159F0A100B35062E62A,SHA256=36014C01A330972D7CFF1FD858862A3D9BFE15252FD223E2421E0D963E85B571,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058300Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:05.377{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C427679AF00055BE34AC89A6EB125C57,SHA256=E3DD189257C56B5619A3E0C4A43B7CAF3265B163BD003FE128C7137BD23EBE97,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873114Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:29.491{3BF36828-9792-6185-0100-00000000CC01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local61830-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local445microsoft-ds 354300x8000000000000000115873113Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:29.491{3BF36828-9792-6185-0100-00000000CC01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local61830-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local445microsoft-ds 23542300x8000000000000000115873116Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:06.940{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7158939CB59A39996D8A857332D556DE,SHA256=B934B4120B80534CE4D5B5DF302AAFF42DAFD4113D83B1467D32E22803F4FB44,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058303Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:06.392{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1B63FECD9B7D63E6ECAE6FDEAA97AB2,SHA256=224CC1FC08AE16FBA82E46AC0247A0DD1EDB2A28C1A2012CDE8022A5C228C59A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058302Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:51.936{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58094-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8089- 354300x800000000000000059058301Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:51.858{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58093-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x8000000000000000115873117Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:07.980{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40A29600385DE5E0AB31EA8A5E3C93A8,SHA256=C02296083A34BB4F7B1780A4BFFBE83CCAEC9937C0DB30E5EB78C209149A6B85,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058304Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:07.425{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CCD3C26D48344DA92014B5F85DC2F60B,SHA256=CAB72A09AFC8CB8B3B246CC3C28D95A4AAAA87AAA2C66C3FAB78EBC7533D5D01,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873120Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:08.989{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10185B7B0200B657B6E3ED10CACC65D6,SHA256=6F3520E92490085040871051B9471DB34081FC8B6A8E156670BCBD8727D245DB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058305Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:08.647{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F013FD8BECDE81DCD2C5A95173931EC,SHA256=A55873294FD08FA43E391718D4466D54C7B936FEDBBFC23EEE9427E7617FD609,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873119Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.729{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61831-false10.0.1.12-8000- 23542300x8000000000000000115873118Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:08.090{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6E9C8AD7DA754FA29716205459C70394,SHA256=AA20E9E93D53C9A631340A26898FFED0D36B3B0E3C83225828148B9766F308D8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058306Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:09.651{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A2593B79B5A843F84999EF9C1091775C,SHA256=B7307D567E5C4D6D56FD9B094CD51849C389FD40CB6912D6F02C2806046D1873,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058307Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:10.666{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=949E10BAD5234A71826088003681EC45,SHA256=EB4EDA5FB14237F6FE81DDEAC4AE59151352087488EE0AFC389CA1B881B87BA2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873121Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:10.004{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE296F927493A7A06272F97F720D2786,SHA256=51DA538FD396C8B6410B22923489FA002674522D3ADC37289DFA29F0993F51A0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058308Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:11.713{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71B9A5A8332394F8977F4B4C07B97142,SHA256=2C94C5EE16E439A850EEF769FFAAE3F48869354F932AB9880BDABBFF727B7C4B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873122Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:11.040{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=907988014895EF8DBF746204B1F59727,SHA256=4C378A4415032A63AC44CA6089B8F5F47632B5FCD609E64175235C96BE90F9FB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058310Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:12.744{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E04AFD4426A657DF8C4C7B978E203E82,SHA256=F1A57F9337F72AEF8689FF6DA419E0D44FCAAD1B9571136FB9EA08F2842082D3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873123Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:12.055{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A590F6108FB58684E99067602C23CCA6,SHA256=5B58074C0F1E0F0A07E80DC3828EDC6FF52D407B698654996ADDCED21FABAD16,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058309Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:33:57.912{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58095-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058311Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:13.963{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF2AA9E1E97D3670671C274DFCB8FE9F,SHA256=756943D1237985593B7A863536649D097A3903975B413E020683E5E4CBDE3861,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873127Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:37.771{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61832-false10.0.1.12-8000- 23542300x8000000000000000115873126Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:13.154{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A395655E75F1EE5A41EB9383293D92C5,SHA256=619D467B6EE623EF628C06C44D8CAE4648A771215C216D3BF7C2AA8054C5B8DF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873125Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:13.154{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CD81938AE5981EB54A06E45B05557BCD,SHA256=6FAAF7E655FFC6785F64F70559E0FE76B2EEDB6B548EB67DE4E628B39F9F852C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873124Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:13.070{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB8D1CDE8F35A074DBF0969319898B67,SHA256=5751AD78AF7ABB12D29DB0AC372E7C7838A57CDC799F39545DE3CA68AD9E6D0E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873128Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:14.084{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A72FC140CED708211CFAF40684278A3,SHA256=9DE9B4149B79439985967358E84AE08F7ACBC6B16AD6302DCAAD45724FC17FC9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058312Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:15.197{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=62678F818FB807EC3B2F0BFA1B2CA1F8,SHA256=DEDE5E758378DEE84E405EDB0D717834C57B40E22BBD174F7A0EF41EAD1928B0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873130Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:15.667{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A395655E75F1EE5A41EB9383293D92C5,SHA256=619D467B6EE623EF628C06C44D8CAE4648A771215C216D3BF7C2AA8054C5B8DF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873129Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:15.099{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84456C221B9DE7789662EC295E2EE941,SHA256=2079D97802E208FBC2DFCE755EC1D714CE7EA9E6AB5CE5190BC5DCC3DDC094F3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058314Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:02.944{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58096-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058313Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:16.228{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2CACEB5A087F9CB6CC6ED16179773986,SHA256=01603722B9C2D28ECC7DB8FEE72178D8E609D22DDE9AB9CDDB0B5F290C8544B1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873131Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:16.114{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F72E5B291F9B98079B5AB1D4A595D44,SHA256=4176F5AA7522137ABB6625DC8267FF9B5A48A0959357561D89AE28B276DB4690,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058315Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:17.338{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E3B231468B0C1113BBB2B2EC2486D0D,SHA256=E9BE8BA188C293F673460BE7662370373AB099180B9DB2FE247255BAC9F1B048,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873133Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:17.682{3BF36828-9799-6185-1100-00000000CC01}424NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=FC995DC3DCB5ECE2301D85A508AAFCB3,SHA256=07030F20E49ACE37D8B18371F381424062E6D160D05527382291982960EF10E9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873132Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:17.132{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BAFB889BBCEA79534C2EF7BE23C4B662,SHA256=90C33C61E9EB1639343441719912DB55C8081448BDE127840B648BD05C3FFF9B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058316Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:18.338{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F80E867162282E7C848644625AF47CF7,SHA256=75908A696CB02CF92175AE6F0130B82C11F7C1235A1D6B79B37CD92939CA6216,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873136Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:42.821{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61833-false10.0.1.12-8000- 23542300x8000000000000000115873135Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:18.182{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3835478400EC746147AB9D1BED0F71D1,SHA256=1B1A80AA9B8537236D6AA463073562FC64BEA86379339C998AAE71A816E7E387,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873134Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:18.151{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC5EA986B1455E5933309C1EA042A357,SHA256=BCD60991264A68CF279885E8B0D68561629D4D5CC14A9A33F97D5AF4682C37D7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058317Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:19.369{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=05B3A447C20BC08F969A32ABAEDEB562,SHA256=B204AA3CFD655C5651764807D4E6ABA972F1EB2E2C9216E9C90370747E71317B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873137Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:19.165{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD699966AB63595DB1A9A514B28BF261,SHA256=67C25285AD02708A0CFD8C6F6EEEB724763BB1344C02067ACDFAE4518D8C4956,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058318Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:20.478{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F3594EA80AD2BEE80AD796155798D494,SHA256=1767B12114D41C2E3109F219560C7711C0162F25FA4F4696D97206114F70FF5E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873138Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:20.195{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EE06E26C387E0267798009E501FF5CB,SHA256=CA421C7F2DDD6BE4DAFC9BD58012F4B98F44EDC231970E2E9EAB0DCE0CEE5066,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058319Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:21.697{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=375E01FD416DDE2590B80AA678FB30A1,SHA256=3034206D48A079A57D1E9569414CFB62C8A8F4F91796380E6D95850B6701B127,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873141Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:21.993{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BFE94EAD131A2EC4D50CE67F0DFB75E4,SHA256=ABEBA27F8F97AA087DB4F85C14B243D1CE55440070208E3C021D830B532ABBCD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873140Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:21.228{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E05D3AACD10B0A9CD8F5A25E4576BC1,SHA256=C149B5952D021856ACB305707DDE000E2A2F285021C8ED7D33BD1810ADA63A50,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873139Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:20.994{3BF36828-989D-6185-BF00-00000000CC01}2968NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9D45E1BDB6F237A6CF51FFC6A12E6130,SHA256=87EEE278CDF62B2B86AF9CB87BDB04BAFB10272CEA175D83979B0C43158C5AB9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058321Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:08.944{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58097-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058320Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:22.713{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=376C585D30402233289CD6EB3B95125D,SHA256=5EB2CB3A471CDDF8C3ACEB0DB018928DA80F5EA2A477CD53AE9422BF49DE2A24,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873143Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:46.632{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61834-false10.0.1.12-8089- 23542300x8000000000000000115873142Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:22.261{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B709A3331CAF2D9F2CE4937E1B08BF1F,SHA256=874DC858EB38D42A77B4816E60921F9EA28AAD59357A363AC16391D0A5F2BC00,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058323Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:23.744{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E184F97044FA2BC7A07F05957D8C439,SHA256=9FC91467810FC3CB7D3623BE123B92C5F735BE312FEDE8055DFC3661D666ECE8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873145Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:23.591{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=43431B24B6CC39E87F5A059A76F5D370,SHA256=4764B8AF9E28B6BE14FF3D6278FAE3AD06896CA031AED6414838C0A5E84F5CD6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873144Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:23.291{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7685EC8CF6F109CB0598C5A40556E5A2,SHA256=9A820733261EE247989EE8D07774334CA0553A047F6F96971D278FFE6F41B595,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058322Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:23.103{B81B27B7-28B2-6193-1300-00000000CC01}364NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=C736DBA988D61CBDEBE75673327AC805,SHA256=AB7D99F5C62BF75C2FC512A602885A5D7512D16E22C70B63A7C1CAD91DD982BB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058324Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:24.760{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=336FD0CD1164B94FE93C16559722EB01,SHA256=EDB928C7A9154E730C3F86A407FEBA1368F8882F3895BCF6E7973D541152FB1C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873147Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:48.714{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61835-false10.0.1.12-8000- 23542300x8000000000000000115873146Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:24.306{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F596C0D4D9E266125DCBB89E055365B,SHA256=85655321E0621E7606EEF04910EC09C7BC75C8CD3EFC10E3EBCD840F58C13B0E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058325Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:25.963{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01BE819E68F5AAAAD661E8DFEF3904F3,SHA256=BF2A548AAB5E6410C83066C47D2D29D31F7C71226C3EC4D5D38E68D7DD17DC0D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873149Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:25.800{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E583C4F78A06C3000984C6858AEE9D9B,SHA256=F2FBCD330F745DCEF4AF9529BF86500666E80271A986F829FDFEC8A56EB9B3A1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873148Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:25.318{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE263A1F2DD72FEEC4A510F4C6AC86AF,SHA256=6E097877EAC7F9AC9FA597E438EAD70D18C055B1041E6A1E7F2E6AECE73902AA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058326Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:26.978{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=00F61005CBA936BEA6EFEFDA81270DAC,SHA256=D6528D22227923391DCFD96E0DA523278667495BAD0F68FCA0D3C18242EF8DCF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873205Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.994{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\v9017qz8.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873204Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.464{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\social-tracking-protection-twitter-digest256.vlpsetMD5=B50CF628E0082A7840D84D0CBE1CAD48,SHA256=544DF79BCEF9DC8E082021E342C2A1B12CD0B8BDAF3687E0F23785406EDF33AE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873203Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.464{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\social-tracking-protection-twitter-digest256.sbstoreMD5=F130C472E963FF3CEED251C65964B927,SHA256=E5D2A5BBE8AA43751EF7F7BC3A817A0963D56272A4C9B6055E60929606186CE2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873202Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.464{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\social-tracking-protection-linkedin-digest256.vlpsetMD5=5F93E0F827909390D257EBB27C77F392,SHA256=5BCB684F3EE3B2EC2F4945655FBEF281C487399D6BF90451647DB1761715D4C8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873201Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.464{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\social-tracking-protection-linkedin-digest256.sbstoreMD5=9275B832091D9E3BFE50898A3BE022B5,SHA256=38C52A5435B625083000A054489B95E033F7B352377510DF668CEE749DE5803E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873200Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.464{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\social-tracking-protection-facebook-digest256.vlpsetMD5=8AC8A05028631170937EDA4CF0E0A35A,SHA256=456AB2C0E4E117D62DC529362EB22C725D410098868442729ADE5E4FF0822E78,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873199Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.464{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\social-tracking-protection-facebook-digest256.sbstoreMD5=7BBA9B83F0F213C5A723209D4C9962CE,SHA256=E1B8E7DEB0F34EEB6BF4D10E47E734A1FE829C365DF360B98646D7E11F2DD4C7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873198Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.464{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\social-track-digest256.vlpsetMD5=16BF2AA546411BA25DC80EA288D47143,SHA256=524EC56C023155C7BE4C84D5AEC4FE2D85DFBAB3C2FA27F82BCD35028D546F83,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873197Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.464{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\social-track-digest256.sbstoreMD5=69EE5B232870704AFCC0E8957AA42A0F,SHA256=EC8DF5279022B68C0B542EC1688889374754106DFADBF7CAF8337E3F98865941,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873196Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.464{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\mozstd-trackwhite-digest256.vlpsetMD5=83BCEF27E5B36115C2ADBA73CE9A7D2B,SHA256=3F68B0FEFBD484094D6517761B2DC13C6A430DDE3B44FA6CCACA3E39052D2AAD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873195Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.464{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\mozstd-trackwhite-digest256.sbstoreMD5=177BC07ECED26CEBE0441C318BD35BB8,SHA256=2A816C802C006DF75CA86E1497E4CF05DFB0F07DB0CD31C0EC30EDAF92C2DF75,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873194Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.464{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\mozplugin-block-digest256.vlpsetMD5=FCC9C2C9B611A3264B68EBE180EB4248,SHA256=6ECD378A537EEFE350B45CFA353741383F407D99D776BF23155A7825DC5DD2BC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873193Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.464{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\mozplugin-block-digest256.sbstoreMD5=519BEB1B01FC355BB388F1F75BE997FD,SHA256=FFE2D3077B81AE6F51B220C1C661B276C823FA67DAD1D64FC5F17249FC54BDC0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873192Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.464{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\google4\goog-unwanted-proto.vlpsetMD5=56146F28791B2F3BFADD49B68B8E5EA2,SHA256=7EEB44385D73C67E46BB17BD57C3003A8AD06FE110FE2340B13A852B39F88C0E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873191Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.464{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\google4\goog-unwanted-proto.metadataMD5=51B800E42D798C6119A3E60DAC25C931,SHA256=C0777DC438ABA3FBA2882A67B53B3BE0E588823F4E9B3819C3A5FC5A22755E3B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873190Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.464{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\google4\goog-phish-proto.vlpsetMD5=CAE2B5A98CDE7868D184F17A482B97F5,SHA256=B4495828792E6370EE95ECB06FE97F35434D60D0D16FFE221C28C2166BA81A36,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873189Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.395{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\google4\goog-phish-proto.metadataMD5=DC67D76813FA38DB35D0423ADA678315,SHA256=C24492071613C42F0BA764178E68F9658CED6AF936BD79EA5FC1D4E2D852C4FC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873188Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.395{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\google4\goog-malware-proto.vlpsetMD5=AFFFFE28DA3B73FA54C550F559F1BE14,SHA256=7C6B30999E659CE30E3F5FA4CABE5C6203D178A37ACBDD5D2C57B076EA360F1D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873187Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.379{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\google4\goog-malware-proto.metadataMD5=5E0E332CBEF1778798C8F109FC0F34D3,SHA256=EEF7F6DC1ABDC4079589D056FE7750AD1D5DBFE5BC6ECE4177BF98A8A22DF6DC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873186Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.379{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\google4\goog-downloadwhite-proto.vlpsetMD5=B0272F5CF9F56F11C856155DC5F40BE1,SHA256=74AB81A1929A8806D559A13140947F076CABA52BF882364C416EF4D8E9B155F4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873185Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.379{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\google4\goog-downloadwhite-proto.metadataMD5=D97B8BDA72EA926869FE6F6DC9EC692E,SHA256=6F22C20964D5A6C282F52BCADD27A1F880DE8132C81A9DE079405958D0F0FBFB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873184Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.379{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\google4\goog-badbinurl-proto.vlpsetMD5=DD04C305B6EBF98227545E0B12E913BA,SHA256=1CE17A517239CE66E0A1C4BD93C1B12CD3F8A2CD4013963E42A95CB6138B80A3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873183Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.379{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\google4\goog-badbinurl-proto.metadataMD5=D5DA9021BDDEDACCBADF02115C602711,SHA256=7E62EEAFAF42FE595397140A4338D5322EF42706638B0DA3F742B01429C3C994,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873182Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.379{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\google-trackwhite-digest256.vlpsetMD5=E54E5B84194EEE15E64D2A03F1136BB7,SHA256=07707B589BE3DBA3BB0BDAC67760A2B180EA3531E9D7976B73E4C1D8DF9DBB1E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873181Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.363{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\google-trackwhite-digest256.sbstoreMD5=FEC9BC354A7EE92C6FEEFE63E6B0FA26,SHA256=258EF8E6994A09FFB54BD0D5AFEC97C13C31F2EEFB7FE90A2A4C487C87817519,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873180Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.363{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\except-flashsubdoc-digest256.vlpsetMD5=0C0D67875BD75A0227C02DD8529BA01A,SHA256=614BE0169EC36E67223EB9645A98DA66DBFDE5DFBB89BB064F428AAEABDD9D97,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873179Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.363{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\except-flashsubdoc-digest256.sbstoreMD5=22698B4CF784DBBAE2D583F00491D43D,SHA256=3849563088AE0677D61702A1310FDE26DE5DDD846D53037222D3EFE012197BF5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873178Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.363{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\except-flashallow-digest256.vlpsetMD5=7194B6BFF691A056852A51E2E06CE8FE,SHA256=CBE2DC6ABFE25BEAD60F4DFAF419FC0F441FF8A8DD4A2FEBF5553BE1CBD90C49,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873177Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.363{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\except-flashallow-digest256.sbstoreMD5=DD0458514C9A922B45DA6A8BEBE47320,SHA256=D27D5B27030F4725249377951BEB89E84A90A0E8241F0D5FD80EA59C1606E761,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873176Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.363{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\except-flash-digest256.vlpsetMD5=C2994D388F8780C87D35C352D9582985,SHA256=7ED09F7D2BD632F70077A4AE4F2BD2F3FB654B03CD72652F51678B0C7D027F25,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873175Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.363{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\except-flash-digest256.sbstoreMD5=D5D6B4D59B4AE4E2DE4B40D0DA083571,SHA256=000E3A78C72A210CA3B5417A3CDD294FBCE2A31661601C9D594C75CF2800571C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873174Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.363{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\content-track-digest256.vlpsetMD5=07FF16BA9846838DA27AE094A1B91369,SHA256=DC83AE90504AC11C29876CFC48483976397E899958EE8EDE7F381971A2C2C4B9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873173Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.363{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\content-track-digest256.sbstoreMD5=1B9A162CEB3C7BE8393CE348F35A4564,SHA256=2D6B6351BD1B8C2047DA1854D0033EE6C5CD9F1BFE38C5E1A2B82C86AFE8A598,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873172Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.363{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\block-flashsubdoc-digest256.vlpsetMD5=40165280FF1345B5241EC2A9D1DA2AF0,SHA256=F80BDD5341D8B1EE946E344E258EF2D35C3C0BB6B13EB7B3E6A77467DFA8B97F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873171Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.363{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\block-flashsubdoc-digest256.sbstoreMD5=B9556D03AFF392142AD5691D2F867310,SHA256=CFD3909B41C1EE3CBCB8B7D2B1378065E7D3B543FFF1F2FB7A4F25C5FF41722C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873170Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.348{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\block-flash-digest256.vlpsetMD5=130B9AC2BEEC5ADA274561105D81AE36,SHA256=7D99FEC08182A5B95D18D1569EDAA2C60C2AAFBD15A56D8882F22F3B395E6460,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873169Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.348{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\block-flash-digest256.sbstoreMD5=9F6B331AA1E070DCFEED473E76CE56C3,SHA256=7DBBEA2DD387EEB85E1F56E02FC9989ACDE570CD43BFEF2C2A827093BA87DA6D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873168Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.348{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\base-fingerprinting-track-digest256.vlpsetMD5=0DBA6F5178E8433D0EED8C5BB5223635,SHA256=262DCBF46B0C20468B29D2908412070388B9BAAF0AFED3693245F92E61E5DE00,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873167Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.348{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\base-fingerprinting-track-digest256.sbstoreMD5=D65C0F2F756552800930D7EDA0264C0B,SHA256=67606ECCDB4FA978F4795C2ABC47767824C6D5AD65C3EE02E0E7445A31CF37CD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873166Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.348{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\base-cryptomining-track-digest256.vlpsetMD5=82E921320B62879B070EBE9D8F1F4256,SHA256=A781BFF04964067CB06EA80DA605A4A2837F7256580693C6DBDCA971D8C9BDB0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873165Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.348{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\base-cryptomining-track-digest256.sbstoreMD5=BB9BB51CB484CC5719D210D53CF37762,SHA256=1903A36C25AEB3C61953484ED931ED52AB4A3BD13FCC38046154A6681472D499,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873164Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.348{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\analytics-track-digest256.vlpsetMD5=AFD5A023DF4245E323E53D47A0BF9414,SHA256=FEE63ABE7743CA680B6C96024D9EE023C10F7C9BC1929231A663A55A79EF5D59,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873163Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.348{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\analytics-track-digest256.sbstoreMD5=80ED9689AB372AAC91B47B347AE5A3BD,SHA256=253E054323EF5921475DD6DFC92942944B17AD7F18FCF851C44F165687F845AB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873162Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.348{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\allow-flashallow-digest256.vlpsetMD5=DE0D88480C24350C59E1E9A3583DE0D1,SHA256=01BA9F0B913E04ED10BD7166796483DD4F72005F249D6EE68B12117BE4B5D3C7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873161Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.348{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\allow-flashallow-digest256.sbstoreMD5=DD0458514C9A922B45DA6A8BEBE47320,SHA256=D27D5B27030F4725249377951BEB89E84A90A0E8241F0D5FD80EA59C1606E761,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873160Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.348{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\ads-track-digest256.vlpsetMD5=10DF08FF9D77ACBF8F2BFB88B4BF1E3E,SHA256=4CC64D82E2EE876BA287302C877554B9D226416AF66CDF9C0350DBB845433881,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873159Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.348{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\ads-track-digest256.sbstoreMD5=E1E560A4EAE533286AEA5189E628BBCA,SHA256=0E5F9C474D34A165AF58EFB90E76E2CEDAE8A3E4FC29A6D9B9E2CFAEACD88A0F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873158Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.332{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\google4\goog-badbinurl-proto.metadataMD5=D5DA9021BDDEDACCBADF02115C602711,SHA256=7E62EEAFAF42FE595397140A4338D5322EF42706638B0DA3F742B01429C3C994,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873157Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.332{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34D666167991D2EB11F73291FB731C03,SHA256=34BDEB2E5C83B349BA5DB629426BF703B15E02330A84A1208A624D295FC91D0D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873156Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.332{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\google4\goog-badbinurl-proto-1.vlpsetMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873155Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.247{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\google4\goog-unwanted-proto.metadataMD5=51B800E42D798C6119A3E60DAC25C931,SHA256=C0777DC438ABA3FBA2882A67B53B3BE0E588823F4E9B3819C3A5FC5A22755E3B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873154Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.247{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\google4\goog-unwanted-proto-1.vlpsetMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873153Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.247{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\google4\goog-malware-proto.metadataMD5=5E0E332CBEF1778798C8F109FC0F34D3,SHA256=EEF7F6DC1ABDC4079589D056FE7750AD1D5DBFE5BC6ECE4177BF98A8A22DF6DC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873152Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.232{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\google4\goog-malware-proto-1.vlpsetMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873151Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.216{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\google4\goog-phish-proto.metadataMD5=DC67D76813FA38DB35D0423ADA678315,SHA256=C24492071613C42F0BA764178E68F9658CED6AF936BD79EA5FC1D4E2D852C4FC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873150Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:26.172{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\v9017qz8.default-release\safebrowsing-updating\google4\goog-phish-proto-1.vlpsetMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058340Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:27.987{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=72E031AC59C4A98A4B764D2517EEE846,SHA256=193C2D0694422F957710E07EC559D15F6C75F2C3F0DFDC6E6C3B5F3995244C8F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873217Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:27.663{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FFDFF0223B6C4C5CB3E94B632F813E1,SHA256=C3FB79BE47E5A321DBC9B49A756EEB7BE180BE3D42D6DFAA0C3F62C4E1EF78CD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058339Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:27.510{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7A83-619D-E536-01000000CC01}1456C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058338Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:27.510{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058337Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:27.510{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058336Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:27.510{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058335Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:27.510{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058334Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:27.510{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058333Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:27.510{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058332Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:27.510{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058331Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:27.510{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058330Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:27.510{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058329Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:27.510{B81B27B7-28B0-6193-0500-00000000CC01}408424C:\Windows\system32\csrss.exe{B81B27B7-7A83-619D-E536-01000000CC01}1456C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058328Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:27.510{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7A83-619D-E536-01000000CC01}1456C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058327Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:27.495{B81B27B7-7A83-619D-E536-01000000CC01}1456C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 13241300x8000000000000000115873216Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-11-23 23:34:27.110{3BF36828-9797-6185-0B00-00000000CC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000115873215Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-11-23 23:34:27.110{3BF36828-9797-6185-0B00-00000000CC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x5d4ee4dc) 13241300x8000000000000000115873214Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-11-23 23:34:27.110{3BF36828-9797-6185-0B00-00000000CC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7e0ba-0x458fc5ab) 13241300x8000000000000000115873213Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-11-23 23:34:27.110{3BF36828-9797-6185-0B00-00000000CC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7e0c2-0xa7542dab) 13241300x8000000000000000115873212Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-11-23 23:34:27.110{3BF36828-9797-6185-0B00-00000000CC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7e0cb-0x091895ab) 13241300x8000000000000000115873211Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-11-23 23:34:27.110{3BF36828-9797-6185-0B00-00000000CC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000115873210Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-11-23 23:34:27.110{3BF36828-9797-6185-0B00-00000000CC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x5d4ee4dc) 13241300x8000000000000000115873209Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-11-23 23:34:27.110{3BF36828-9797-6185-0B00-00000000CC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7e0ba-0x458fc5ab) 13241300x8000000000000000115873208Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-11-23 23:34:27.110{3BF36828-9797-6185-0B00-00000000CC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7e0c2-0xa7542dab) 13241300x8000000000000000115873207Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-11-23 23:34:27.110{3BF36828-9797-6185-0B00-00000000CC01}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7e0cb-0x091895ab) 354300x8000000000000000115873206Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:50.453{3BF36828-8A4E-6195-DEE0-01000000CC01}3124C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-128.attackrange.local61836-false142.250.69.202sea30s08-in-f10.1e100.net443https 23542300x8000000000000000115873219Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:28.678{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FFB6A8748C64F3D05E1FAA4B0BF12400,SHA256=80927013CF06DE3157DEC6D7B46E6970546403644DFEB1F2805D59E6FEE170DB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058368Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.893{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7A84-619D-E736-01000000CC01}5548C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058367Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.893{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058366Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.893{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058365Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.893{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058364Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.893{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058363Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.893{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058362Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.893{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058361Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.893{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058360Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.893{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058359Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.893{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058358Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.893{B81B27B7-28B0-6193-0500-00000000CC01}408384C:\Windows\system32\csrss.exe{B81B27B7-7A84-619D-E736-01000000CC01}5548C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058357Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.893{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7A84-619D-E736-01000000CC01}5548C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058356Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.878{B81B27B7-7A84-619D-E736-01000000CC01}5548C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058355Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.550{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1D0DFF39E972162143DC77F402D24B33,SHA256=A6FA0A7F340DEF8C931CA8CA03F471879CA30E651FCEBEA6BB7F006A2E51F142,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058354Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.550{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D54DBF4741555D9BE786996EFB8E2E21,SHA256=2FB0B7DC0B5BE58AD599E33FE014613CB9AFB6AFD63EB0D9801529C5B040E63D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058353Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.206{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7A84-619D-E636-01000000CC01}4004C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058352Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.206{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058351Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.206{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058350Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.206{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058349Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.206{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058348Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.206{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058347Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.206{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058346Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.206{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058345Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.206{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058344Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.206{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058343Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.206{B81B27B7-28B0-6193-0500-00000000CC01}408528C:\Windows\system32\csrss.exe{B81B27B7-7A84-619D-E636-01000000CC01}4004C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058342Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.190{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7A84-619D-E636-01000000CC01}4004C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058341Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:28.191{B81B27B7-7A84-619D-E636-01000000CC01}4004C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000115873218Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:28.596{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2ABC12126993674CCBD3F20A505BCF1C,SHA256=442FC9E56C5B46446ADEEFB728A164A2CCADC827B8DAAC1EEF18B530D003F12A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873220Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:29.693{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25B0F8DD1D430CCBF7BE6863C634E405,SHA256=9B5A8AE49A820483DBA780DF1996E3AFD9A4957C39DD85ECE3A3E698E8BE831B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058371Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:29.237{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91CDAA35B093D7F57396F203F52CF702,SHA256=494BE6B197E7C7E1B46433E443FFA8C9ECA3271B1A922DA2D765131BF79507DB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058370Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:14.740{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58098-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 10341000x800000000000000059058369Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:29.050{B81B27B7-7A84-619D-E736-01000000CC01}55484188C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000115873222Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:30.761{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=466E59587CD9CC5A4651E9CAD7AFEA86,SHA256=13EE65352A9C8F9D468A57687950E36B03399F6153ECE31422B294597F5DB250,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058373Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:30.268{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BFDC9AB11101452DB29FD139E710407F,SHA256=772E3F3E2F78DD0B4A6804F5CA60ED09769BC3E59CE854420426FCFBD046CEF6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873221Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:30.092{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=80467F2492C737F0C8239D991263AFF3,SHA256=FA89F1EB8E12FBA5320621A9A73A81483B9C4A9BE6FB14E4A6006E020079F69B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058372Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:30.018{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1D0DFF39E972162143DC77F402D24B33,SHA256=A6FA0A7F340DEF8C931CA8CA03F471879CA30E651FCEBEA6BB7F006A2E51F142,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873224Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:31.791{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC0453A41338C399AB725A2D8CEF154D,SHA256=121E04037E4C53E2B986817040838784474442E40D77C911E77C2EBCE9EFB225,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058374Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:31.284{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BEBB56891D4446D3BFD9D24301B38B5A,SHA256=50A7E584911B8401FD77D7D984221E5212940965D26C6CEA70B1BD54863ABA6E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873223Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:54.716{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61837-false10.0.1.12-8000- 23542300x8000000000000000115873323Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.959{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0A53E9FB6EDC5118B954108B58D6F5E,SHA256=56A32372DB57A1A81A5BEB7A748DD0B3A305CBC7AF3EDFA511C24349112882B4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115873322Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.890{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115873321Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.890{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115873320Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.890{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115873319Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.890{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115873318Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.890{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115873317Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.890{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115873316Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.890{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115873315Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.890{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115873314Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115873313Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115873312Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115873311Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115873310Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115873309Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115873308Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115873307Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873306Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115873305Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115873304Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000115873303Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115873302Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115873301Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115873300Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115873299Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115873298Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115873297Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115873296Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115873295Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115873294Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115873293Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115873292Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115873291Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115873290Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115873289Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115873288Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x8000000000000000115873287Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115873286Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115873285Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115873284Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873283Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x8000000000000000115873282Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873281Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873280Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873279Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873278Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-9797-6185-0500-00000000CC01}420436C:\Windows\system32\csrss.exe{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115873277Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.875{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115873276Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.860{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058375Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:32.518{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ADAC9A3EF16824ED025CC26BD41297A8,SHA256=7779A66C25ABA42E10F6A357B524770FCA686E2EA31ED68DDABF08E8AEE68E44,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115873275Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.330{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000115873274Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.330{3BF36828-7A88-619D-7DD0-02000000CC01}79721136C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115873273Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.330{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115873272Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.330{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000115873271Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.191{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115873270Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.191{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115873269Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.191{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115873268Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.191{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115873267Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.191{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115873266Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.191{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115873265Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.191{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115873264Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.191{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115873263Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115873262Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115873261Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115873260Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115873259Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115873258Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115873257Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115873256Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115873255Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115873254Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873253Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115873252Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000115873251Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115873250Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115873249Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115873248Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115873247Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115873246Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115873245Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115873244Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115873243Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115873242Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115873241Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115873240Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115873239Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115873238Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115873237Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x8000000000000000115873236Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115873235Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115873234Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115873233Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873232Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x8000000000000000115873231Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873230Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873229Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873228Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873227Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-9797-6185-0500-00000000CC01}420436C:\Windows\system32\csrss.exe{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115873226Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.175{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115873225Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:32.160{3BF36828-7A88-619D-7DD0-02000000CC01}7972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000115873381Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.908{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77DD0B942FBF6C2F3EA6B7C7125F1292,SHA256=667E3AA3F77617DF58CBB3F74A61CAA88EB1543075C60911C77E1934B050C633,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058376Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:33.643{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DBEE9DE70D592DECBB26055F44A460DD,SHA256=946C525E0C93F9BB555B8A453E338EA156A4F0A750F1F2A6D9F58130D39F4EA9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873380Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.844{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C40BF324F5CB886E3F853EAC12EE295E,SHA256=60BAF5F4E87B52072C7D1140D65B15F473C3937672504C7BFED7D5A085632C54,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115873379Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.744{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000115873378Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.744{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115873377Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.744{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000115873376Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.591{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115873375Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.591{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115873374Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.591{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115873373Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.591{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115873372Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.591{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115873371Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115873370Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115873369Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115873368Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115873367Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115873366Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115873365Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115873364Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115873363Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115873362Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115873361Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873360Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115873359Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115873358Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000115873357Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115873356Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115873355Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115873354Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115873353Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115873352Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115873351Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115873350Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115873349Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115873348Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115873347Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115873346Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115873345Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115873344Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115873343Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115873342Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x8000000000000000115873341Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x8000000000000000115873340Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115873339Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115873338Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115873337Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873336Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x8000000000000000115873335Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873334Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873333Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873332Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873331Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-9797-6185-0500-00000000CC01}420436C:\Windows\system32\csrss.exe{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115873330Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.575{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115873329Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.560{3BF36828-7A89-619D-7FD0-02000000CC01}5524C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000115873328Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.160{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=25FB05130925F36780B11079A6E40CA4,SHA256=75257E6AFF7089F0505D4D0704FC02512F546B2838EB683B4EE3DB32EEC2E4DC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115873327Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.029{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000115873326Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.029{3BF36828-7A88-619D-7ED0-02000000CC01}70163180C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115873325Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.029{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115873324Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:33.029{3BF36828-7A88-619D-7ED0-02000000CC01}7016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000115873486Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.989{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115873485Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.989{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115873484Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.989{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115873483Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.989{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115873482Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.989{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115873481Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.989{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115873480Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.989{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115873479Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.989{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115873478Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x8000000000000000115873477Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115873476Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115873475Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115873474Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115873473Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115873472Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115873471Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115873470Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115873469Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115873468Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115873467Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115873466Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115873465Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115873464Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115873463Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115873462Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115873461Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115873460Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873459Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115873458Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115873457Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000115873456Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x8000000000000000115873455Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115873454Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x8000000000000000115873453Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115873452Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x8000000000000000115873451Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x8000000000000000115873450Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x8000000000000000115873449Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115873448Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115873447Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x8000000000000000115873446Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115873445Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115873444Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115873443Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873442Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 10341000x8000000000000000115873441Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873440Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873439Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873438Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873437Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-9797-6185-0500-00000000CC01}420412C:\Windows\system32\csrss.exe{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115873436Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.973{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115873435Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.959{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058378Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:34.675{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6EA845B90D8FD81EC73935A0DB94B30,SHA256=F7755347A51BC37F086B494BD8A945DD66049E51A4DB892334815AA04F2117DF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873434Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.590{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3CBCE3A28693C1AA3872EC1185A8FFDB,SHA256=EC3C8CF2AE65F189B1FB7810069462D570CAEC8520541847AEAEA7B7C03B3741,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115873433Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.427{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000115873432Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.427{3BF36828-7A8A-619D-80D0-02000000CC01}19246480C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115873431Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.411{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115873430Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.411{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000115873429Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.290{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115873428Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.290{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115873427Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.290{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115873426Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115873425Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115873424Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115873423Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115873422Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115873421Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115873420Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115873419Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115873418Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115873417Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115873416Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115873415Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115873414Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115873413Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873412Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115873411Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115873410Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000115873409Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115873408Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115873407Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115873406Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115873405Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115873404Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115873403Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115873402Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115873401Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115873400Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115873399Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115873398Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115873397Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115873396Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115873395Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x8000000000000000115873394Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x8000000000000000115873393Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115873392Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115873391Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115873390Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873389Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25trueSplunk, Inc.Valid 10341000x8000000000000000115873388Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873387Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873386Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873385Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873384Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-9797-6185-0500-00000000CC01}420536C:\Windows\system32\csrss.exe{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115873383Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.274{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115873382Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:34.260{3BF36828-7A8A-619D-80D0-02000000CC01}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000059058377Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:19.874{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58099-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058379Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:35.909{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F49CE4C62BA89513BF66CF772D1A11D,SHA256=59642939397A6EF6CDCF21809C2C15083AE31CB0A26E4FE14B9F1B8B210E835D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x8000000000000000115873546Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.811{3BF36828-7A8B-619D-82D0-02000000CC01}68205808C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115873545Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.811{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115873544Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.811{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000115873543Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.673{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115873542Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.673{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115873541Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.673{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115873540Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.673{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115873539Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.673{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115873538Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.673{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115873537Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.673{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115873536Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.673{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115873535Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.673{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000115873534Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115873533Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115873532Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115873531Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115873530Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115873529Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115873528Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115873527Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115873526Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115873525Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115873524Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115873523Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115873522Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115873521Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115873520Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x8000000000000000115873519Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115873518Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115873517Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115873516Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115873515Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115873514Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115873513Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115873512Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115873511Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115873510Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115873509Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873508Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x8000000000000000115873507Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115873506Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115873505Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115873504Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873503Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x8000000000000000115873502Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873501Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873500Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873499Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873498Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-9797-6185-0500-00000000CC01}420536C:\Windows\system32\csrss.exe{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115873497Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.657{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115873496Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.642{3BF36828-7A8B-619D-82D0-02000000CC01}6820C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 734700x8000000000000000115873495Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.142{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000115873494Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.126{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115873493Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.126{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 10341000x8000000000000000115873492Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.126{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+19544|C:\Windows\system32\taskmgr.exe+1a290|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873491Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.126{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+1e590|C:\Windows\system32\taskmgr.exe+1a25e|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873490Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.126{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+1ea6a|C:\Windows\system32\taskmgr.exe+1a0d0|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873489Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.126{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+b1cf|C:\Windows\system32\taskmgr.exe+1a084|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873488Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.126{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7A8A-619D-81D0-02000000CC01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+b2b8|C:\Windows\system32\taskmgr.exe+19d0d|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000115873487Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:35.026{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=67F6BC18412DB097856F2919DA0AD8F2,SHA256=E1B054CF3426AF81DC4A6ED1CCF4E9EC9A9567D74DA924CE291FC8FC9482B8EA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115873601Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.373{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000115873600Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.373{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115873599Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.373{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 354300x8000000000000000115873598Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:59.744{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61838-false10.0.1.12-8000- 734700x8000000000000000115873597Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.211{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115873596Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.211{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115873595Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.210{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115873594Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.209{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115873593Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.208{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115873592Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.208{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115873591Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.207{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115873590Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115873589Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115873588Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115873587Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115873586Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115873585Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115873584Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018trueMicrosoft WindowsValid 734700x8000000000000000115873583Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115873582Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115873581Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115873580Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115873579Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115873578Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115873577Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115873576Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115873575Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115873574Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115873573Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115873572Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115873571Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115873570Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115873569Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115873568Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115873567Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115873566Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x8000000000000000115873565Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115873564Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115873563Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873562Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x8000000000000000115873561Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115873560Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115873559Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115873558Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873557Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x8000000000000000115873556Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873555Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873554Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873553Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873552Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-9797-6185-0500-00000000CC01}420436C:\Windows\system32\csrss.exe{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115873551Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.189{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115873550Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.176{3BF36828-7A8C-619D-83D0-02000000CC01}4072C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000115873549Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.173{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F0EEB3731E58FEDBDC492D6FF7E88627,SHA256=F31589B80AEB90E853ABB9819DEE689417873138FDD05DF06269BC75AD690B65,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873548Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.142{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E2DE0F45CCE83446B860580B82A1E610,SHA256=F0BD20ECE1EF6110F02734B002AE5FB10E8056CA007C5E272272CB93287621B5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873547Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:36.142{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=01C020CC7C8680A90C457EDF99A6A35F,SHA256=A5CDA43CAE14A125B86842287F5D3A50BFC5435389C892F3A0B90F4442844595,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 13241300x8000000000000000115873604Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-11-23 23:34:37.805{3BF36828-9799-6185-1000-00000000CC01}444C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7e0c2-0xadfd4992) 23542300x8000000000000000115873603Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:37.326{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B4656F83DBFC5F59CAB9BE93FBA9220,SHA256=D4897CE7677E26A61DB9D62582344574399295F05429558D157FBEBD42733244,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873602Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:37.326{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7AD513E710CE4B6DAA72BB5DEDCC0C62,SHA256=6A76DEFA8C02F72A6F37C8E0CB6EC80BA95B5AA1B902BE19A034B1653BDF02B3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058394Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:37.862{B81B27B7-7A8D-619D-E836-01000000CC01}9082696C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058393Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:37.675{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7A8D-619D-E836-01000000CC01}908C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058392Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:37.675{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058391Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:37.675{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058390Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:37.675{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058389Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:37.675{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058388Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:37.675{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058387Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:37.675{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058386Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:37.675{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058385Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:37.675{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058384Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:37.675{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058383Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:37.675{B81B27B7-28B0-6193-0500-00000000CC01}408528C:\Windows\system32\csrss.exe{B81B27B7-7A8D-619D-E836-01000000CC01}908C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058382Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:37.675{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7A8D-619D-E836-01000000CC01}908C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058381Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:37.660{B81B27B7-7A8D-619D-E836-01000000CC01}908C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058380Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:37.018{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53EB2CFF1ABE847E0CCB2B6246CA48B2,SHA256=D69BAE77CC0A59AC37276616A8DFB900BAE03D404E396502ADA5836C7E0F8256,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873607Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:02.080{3BF36828-9797-6185-0B00-00000000CC01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local61839-true0:0:0:0:0:0:0:1win-dc-128.attackrange.local389ldap 354300x8000000000000000115873606Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:02.080{3BF36828-97A9-6185-2800-00000000CC01}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local61839-true0:0:0:0:0:0:0:1win-dc-128.attackrange.local389ldap 23542300x8000000000000000115873605Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:38.326{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB4DB87498C294576F52700C22657575,SHA256=640B8E3044D7D49E984D86D9632575AAE893518235A677554F25E16B535E7F54,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058411Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:38.706{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8EC77CA10D84DA0BF2BA09B82839C2B8,SHA256=A34CDEEA6E1425E537626DD95D2C1B0DA043FB6550CF2E9E7328CC1679959E9A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058410Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:38.706{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=51AF1826D9A6187F842A679DEBD55BB5,SHA256=FDD8A68AD59E55BB044650C357AB43073B5C140470C11B6588971FAC6B89BE37,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058409Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:38.534{B81B27B7-7A8E-619D-E936-01000000CC01}50442584C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058408Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:38.362{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7A8E-619D-E936-01000000CC01}5044C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058407Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:38.362{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058406Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:38.362{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058405Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:38.362{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058404Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:38.362{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058403Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:38.362{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058402Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:38.362{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058401Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:38.362{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058400Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:38.362{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058399Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:38.362{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058398Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:38.362{B81B27B7-28B0-6193-0500-00000000CC01}408528C:\Windows\system32\csrss.exe{B81B27B7-7A8E-619D-E936-01000000CC01}5044C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058397Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:38.346{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7A8E-619D-E936-01000000CC01}5044C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058396Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:38.347{B81B27B7-7A8E-619D-E936-01000000CC01}5044C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058395Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:38.128{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9DEF4BFED9A4B5F86708803236D0A296,SHA256=56C7DDBA134AEFE4088F49FBB06D0E3F65DA348D746594E57954F6CC8B45354B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873608Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:39.357{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=733BBBC616A7084C0D3F2ED96766B9B3,SHA256=E05587CD99119E5B07EEA796E95C85D072AFD37BBA89A699A4F189876E41954E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058440Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.659{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7A8F-619D-EB36-01000000CC01}3500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058439Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.659{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058438Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.659{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058437Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.659{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058436Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.659{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058435Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.659{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058434Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.659{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058433Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.659{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058432Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.659{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058431Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.659{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058430Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.659{B81B27B7-28B0-6193-0500-00000000CC01}408528C:\Windows\system32\csrss.exe{B81B27B7-7A8F-619D-EB36-01000000CC01}3500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058429Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.659{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7A8F-619D-EB36-01000000CC01}3500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058428Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.644{B81B27B7-7A8F-619D-EB36-01000000CC01}3500C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058427Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.346{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=59AF30549232DB96409EDB0D14C2D788,SHA256=063E87D448C29A1E1AD13B76E8A42086B9D46D6BB7940A1D06923E5430D139E0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058426Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:24.921{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58100-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 10341000x800000000000000059058425Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.175{B81B27B7-7A8F-619D-EA36-01000000CC01}47645260C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058424Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.050{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7A8F-619D-EA36-01000000CC01}4764C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058423Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.050{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058422Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.050{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058421Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.050{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058420Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.050{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058419Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.050{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058418Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.050{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058417Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.050{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058416Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.050{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058415Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.050{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058414Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.050{B81B27B7-28B0-6193-0500-00000000CC01}408528C:\Windows\system32\csrss.exe{B81B27B7-7A8F-619D-EA36-01000000CC01}4764C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058413Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.050{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7A8F-619D-EA36-01000000CC01}4764C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058412Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:39.035{B81B27B7-7A8F-619D-EA36-01000000CC01}4764C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000115873610Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:40.372{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=09CF53DE614FA37014073E2B07160BE9,SHA256=EFA527260F9392D350F5DD6FC71661E04D6E6337A05FE1E2E619BDEEF949B1C7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058442Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:40.175{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=820CF458CCE25FA975C78B343C9F8547,SHA256=A66091438C063713EC3E92B06692CD007B7719D13C8871237FA180E9ED5301A8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873609Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:40.209{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E26B9829EB8F7C2C2E45FCC1A937BC96,SHA256=45D3DC79D4B40378A7D34393B0DB2DE17C6B09DC53C1A8A3003748D974D875C2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058441Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:40.143{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8EC77CA10D84DA0BF2BA09B82839C2B8,SHA256=A34CDEEA6E1425E537626DD95D2C1B0DA043FB6550CF2E9E7328CC1679959E9A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873612Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:04.842{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61840-false10.0.1.12-8000- 23542300x8000000000000000115873611Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:41.387{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=67CDC7C82465527F649F1C0883D046BA,SHA256=8834034956B4C6397413120D9F7C7CF4B383C23B47FA5D6CBDE1A8E51F3DEEF5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058443Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:41.378{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AD239A849FF8590C5598A8CF0660F3D,SHA256=212CFD7F9B70EB7F3EAE54F595FDF3E1E55D1E55FF75000D42FADBA520E94522,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058444Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:42.612{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C341D5345694F40E25CC6F02A01D4D3,SHA256=B9FD23B2D63789C4001E5596AFE7CD992D2062F33CF562E8DFE1260D7A6637D8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873613Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:42.404{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44BB9D50E5B0A29CF687D6DFF589192A,SHA256=8E08D8D2B74EF39E234E9D225F7E6E1A8657CB2F68546684D68E5E9B67A26142,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058445Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:43.628{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE0833ED0E299C562652CBBEC908E347,SHA256=BCA5D14DCA1BD5DF1960C07CB9B014CD3C0E07805A68A6314755730F42E72DAE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873615Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:43.606{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=983FE18447B06289C4BB5330FCB483CE,SHA256=63A4A4A8828ECEC7B314BEA408C5228672513CCFD54A1CC55D1346EE48EDCF4E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873614Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:43.453{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01354F2E3C9D7A2C19549409BE650132,SHA256=97AF7A1C42DBF4DC16F4C19E43D0E9D3851CB229F48055D34A357F008D5AB8B4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058447Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:44.846{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A65FC3BC2DEA018083DDC5F31C960D9,SHA256=C9DCDABA01EAA8B64050607D0C3CD54E815CD59B589913CBD4AE22ED3DD542FA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873616Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:44.484{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DAD4930D4A9C5F8791D9B88D09D529EE,SHA256=777A526844E3991EF18D824F4050881D3E35FF185D19FD69F821BA57CB929289,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058446Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:30.812{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58101-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x8000000000000000115873618Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:45.520{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E987AA15AAE7F727F81F4553A5E40B6,SHA256=97DBA1C535A24E8F8AC00F186FF8AAD2067588B54F16807A11880A3B696F5272,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873617Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:45.251{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B575588C868BFA5D7E95615F1C1A2C36,SHA256=62D63B524FE34B0D384BC2F91AE23132193E1C36E594C6944716EF3F9E234622,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873620Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:46.534{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0BA9ED52D4B16577A774FD78D6BC46B9,SHA256=E16E160CC3D8E076B076EC49C3EE2571FC359EA7B8E48F9EE9BC5FF3AAE3D4FF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058448Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:46.081{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC60DE1C1E2C2AF86A7D6B21FB20A113,SHA256=4387E3A04A0B8BCB6ABBDE233B9C17B5BE3B5B55ACA4B1E3A3D1BFB54905DC24,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873619Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:09.891{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61841-false10.0.1.12-8000- 23542300x8000000000000000115873621Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:47.548{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F83495258051A77FCED991E6182BF555,SHA256=935BE730A5B297BC11ABACAD17D232FED10F883E8005A635CC1204996ADDFB6B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058449Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:47.222{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE6C34AED6419776054C6C74624D9CBF,SHA256=8D56F0A3BBF5EE366F4BCD70050C3A5280283CACEB838092F8C5E6655378B1FD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873623Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:48.600{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=00BCB92CEB101C0EE4152B11A18EC8DB,SHA256=25C0E7C3D0072842B16E149B8FF12843F60ECE2C7E5D1443B9A2CCDB02CE524C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873622Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:48.579{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=38B4F70CEC5BEBD80B5ED1778DCAA76C,SHA256=983EACF520FC5D475256CC53D7C3A35D58588BB7014A7ED17A59FB1D65C32CE0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058450Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:48.228{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8663BDD6F587BD4CD41068B57CE1E19,SHA256=0689D8449ABD1300083463121847382E48CE53E658303E9B07947A8D0B6BE473,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058454Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:35.947{B81B27B7-28AE-6193-0100-00000000CC01}4SystemNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.255ip-10-0-1-255.us-west-2.compute.internal138netbios-dgmfalse10.0.1.15win-host-987.attackrange.local138netbios-dgm 354300x800000000000000059058453Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:35.947{B81B27B7-28AE-6193-0100-00000000CC01}4SystemNT AUTHORITY\SYSTEMudptruefalse10.0.1.15win-host-987.attackrange.local138netbios-dgmfalse10.0.1.255ip-10-0-1-255.us-west-2.compute.internal138netbios-dgm 354300x800000000000000059058452Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:35.865{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58102-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058451Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:49.228{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CCB82FA7025036461682FC77730A6C43,SHA256=30CED6301EEE6E3701EB64DA950F1DE1DBDBF47CD515E3B833AFFE57850E77CD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873624Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:49.616{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56152DD19F43A9E3CB9D65D55789213B,SHA256=462450CF84AA021A1582831021521C249BD75EB1D2079FA440C564DDD71AB286,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873626Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:50.646{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B6AAB6439FD3E4728041DAE073D4F3A7,SHA256=66E4700C7515B01F4D1C7CFE51F48298B5E1097064629DC6ED40A99DE565D194,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058455Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:50.244{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1AC5683EFCF31418FB8964C33F292D8C,SHA256=B1F45E8DC4FF4EAB77275A9D79A77EBF334E8B6E4801A274F8E7FB44563FC749,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873625Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:50.262{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B80880FF94B30C289947EBF0F881E589,SHA256=91E3A43757930A71D664CA78D3483455DDA1B88717D27932BF4F3B863BA403EE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873628Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:51.677{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6F45255F128BDEE2558808A430AB8B0,SHA256=C02CF1D7EF965D4584AF577BB25F0D0998A9D919CEDC7FCC3A352596FE9AAF0A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058456Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:51.260{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B100601CE2DAA83DF1EC714537EBA7A,SHA256=5513B8294971A42C854034F98D6C220F8EAAA054609628E3ECD4F3FFB6D09916,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873627Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:14.902{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61842-false10.0.1.12-8000- 23542300x8000000000000000115873629Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:52.713{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65F55C13F37623B08E71DE4789349949,SHA256=A287374A3EE856F30A679F4098F6435337F41A6EB1EF8AD7031A81DDB598FB09,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058457Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:52.260{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=95168A6F3D86A628B5D19C86E2759595,SHA256=6A53CC24CE7D3D259189831DF4238EF3AAE62EAF264BE97438C4A42F0DF9C6FE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873630Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:53.728{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D493295A7DAB1569FE21E5F670CC1B2,SHA256=5DFC2037E6956C8C8FF493134F993C1450D79AA14C291517A94EBE8A81231B6D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058458Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:53.260{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04E47F5DF6D528C27404109945DE2F7C,SHA256=98AA408FD2DC3E1CA8EB0BEB113E337817458569FCB0E827A8B8215F2FC76389,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873631Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:54.742{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32F2ABC6EBCABA3C6CD0406A37C10804,SHA256=BB221D85E57AD1B68A4197736EAA0B3CF6804F8973D0F9874E097090E735BD1F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058459Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:54.275{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD30E36FA2AC506582C15BF95D74E429,SHA256=12CCB5B9AA714549BC7DE74C27FE4981CF8EA402CF2D3CD7EF413C96CE3343AD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873632Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:55.772{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01A9B4808B40E9CA9AFAE81EADACDD62,SHA256=6ACD4974902F340448B3C328B136559EB3D5A0F22063832E2DEFBC4E9678ABF4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058461Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:41.803{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58103-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058460Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:55.275{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C211619A27C07B3C0812A4D9524D5F45,SHA256=9C30229E66A240A7463424196AE9DB71C983D1DFBBD0C31FB69FFE30474EFE7A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873636Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:56.808{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=249CC26D681306FC6C65A244453D83F8,SHA256=A645E6F732C60C99AFC5D9DC79C13E4D277A5F5C2FA90252D46FC0A6A2CE0738,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058462Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:56.291{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E4E60382E048C758DA149C9292F8DB7,SHA256=BDEA475B44F3CA3FA305C27039ED685183EDB48648E1B117AE9658A653E80E2F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873635Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:20.727{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61843-false10.0.1.12-8000- 23542300x8000000000000000115873634Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:56.090{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A59508A10D7FEEACCB34491B6E8541F5,SHA256=12B9D0BD1A30DB9B3268592156BEB4E71F86BD642C8C83B91E9FEE0C782DA205,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873633Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:56.089{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A30B333F53F64C288F4FC2C194B603D1,SHA256=73A41DD19598B6C3EC0B80DE7A027C16C9B43947C1B5D0B9CB6CB5E76A0A6182,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873637Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:57.838{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EDFDBB3444D75A0FE1BE38CD0CF1B1CC,SHA256=7483E83B37978C4AAA5B2B42023DCD6E5D298DBAD044B189D0BCF29FB321BFE2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058463Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:57.291{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DC21B4F49B37558BFE280FE900D06F3,SHA256=25C9DB1F6FDDA33A3D8A721C397F932E929DB4CCDCFB36C028A5EA2AF2422E78,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873638Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:58.869{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ECE2904F51C3C63CB0E1199E0D1FA58C,SHA256=4296DA6F55BD072B2E45914941B5C4414EA1847E7C2D91B186CA0D443CB5B427,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058464Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:58.307{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=35F567C58F39A565B1B5E5393F87BD89,SHA256=941D1C397D5DA8D134B85705988069602226A080D0FD652C9EBD7D25AD84F2A6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873639Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:34:59.905{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=80C003273E505F239B0131D913BB19A4,SHA256=F30CE3654BB17EAF0946E9F5FFCF227ED86B9F71BAE5E8FB12E366F316EB458D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058465Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:59.307{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C76A3A802C979CAB895863B9E3B81AE,SHA256=1365392A492F29AA1C3F99AE3EE3CAEAB63A90B7B3977B05716D9CABE5DFAD5F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873640Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:00.935{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D631B42E437AC9A86782727834168971,SHA256=0FF1E68D8BA5D78CAD8EA50BEE075232CC02381264E234924E401F3719EF8549,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058466Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:00.322{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B33E9E0861D46C904D4905A985A5A70,SHA256=6B5030E252481CD2C8B432896EF1FC623414E08F52308164DCC6B1650F215DD7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873644Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:01.966{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=471AF379C83B752AFB164052FE6D8E03,SHA256=CD515F10537C0B33BE2A03632DCA2FA3590B6DDF5E79C1E86FAC30A4DD43463E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873643Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:25.737{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61844-false10.0.1.12-8000- 23542300x8000000000000000115873642Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:01.104{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=41F3E687CB41DC0690F97EB81A5995E1,SHA256=8B179551731D9F2CCDD461D9F778DB5B5649606DBC88EBD94A0BB6A0A3BF3534,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873641Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:01.104{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A59508A10D7FEEACCB34491B6E8541F5,SHA256=12B9D0BD1A30DB9B3268592156BEB4E71F86BD642C8C83B91E9FEE0C782DA205,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058468Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:01.322{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9330FB7D5DD23310434B5137318FDE34,SHA256=C162837CE8355005276867B8A3CAAABF96CAADB8BE029C9B1DAFAD32F75A943C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058467Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:46.881{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58104-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058469Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:02.338{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AAFD99E4455DC6A9FD4476A05F2EE73E,SHA256=1975D8E3DC3F12A3093DB97E0D80E5C2C9AE7DFCA8FD2F3BED347489CD0F2F73,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058496Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.353{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E55BC191B1D4E3B034C86313BC7CB82,SHA256=B2A719DE1766A4C68B36739905943767F7272694FF407898F3213261B62A4AC5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873646Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:03.603{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=41F3E687CB41DC0690F97EB81A5995E1,SHA256=8B179551731D9F2CCDD461D9F778DB5B5649606DBC88EBD94A0BB6A0A3BF3534,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873645Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:03.002{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=983C7623479029A3B7D944398B23B6FD,SHA256=306C916E9CF1EA7918923B02808D9A0257239D7CDA19A08C4F4B0DF7BEF756E4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058495Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.119{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BC-6193-7600-00000000CC01}4688C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058494Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.119{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BC-6193-7600-00000000CC01}4688C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058493Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.119{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BC-6193-7600-00000000CC01}4688C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058492Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.119{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BC-6193-7600-00000000CC01}4688C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058491Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.119{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BC-6193-7600-00000000CC01}4688C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058490Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.119{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BC-6193-7600-00000000CC01}4688C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058489Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.119{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BC-6193-7600-00000000CC01}4688C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058488Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.119{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BC-6193-7600-00000000CC01}4688C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058487Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.119{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BC-6193-7600-00000000CC01}4688C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058486Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.119{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058485Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.119{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058484Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.119{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058483Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.119{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058482Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.119{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058481Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.119{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058480Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.119{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058479Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.119{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058478Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.119{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058477Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.119{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058476Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.119{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058475Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.119{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058474Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.119{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058473Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.119{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058472Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.119{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BC-6193-7700-00000000CC01}4860C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058471Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.119{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BC-6193-7700-00000000CC01}4860C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058470Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.119{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BC-6193-7700-00000000CC01}4860C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000059058498Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:04.369{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB2F6307FAF9E7A21A04F4075D72407A,SHA256=DE84C0E21042ACFC4766E3E553A686860F47243BE5A41A20FD108668B5987DDA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873647Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:04.003{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89AA0B980DE35222CCD4E4AA8F68ACB3,SHA256=95F4AC988E569DDD8B14DAD149BE6050C64ED5C0FFFFFDFFA6C1985711824A1C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058497Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:04.291{B81B27B7-28B3-6193-2C00-00000000CC01}2332NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9D45E1BDB6F237A6CF51FFC6A12E6130,SHA256=87EEE278CDF62B2B86AF9CB87BDB04BAFB10272CEA175D83979B0C43158C5AB9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058499Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:05.385{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2721A845442ADFEE489B4960DF03D92A,SHA256=8F7EBFD4C6D71002C75E18A6B15B16639DB30F78FE70F4B96024400D9DF9E29C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873648Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:05.048{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=311991733A293DFBEA8FEED87E7F6D93,SHA256=D38F69DBE26C461EF85216C9C8DA8CB23AC098C8F21532600A3CC9BDE7772C1E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873650Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:06.132{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=ADB98F7A7829D8CBEA0512C8B7ED2E81,SHA256=7540FB2DA4533CE582516BA6342D221CD53B12B4C7C82EB2B86C8F81EEB4D57A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873649Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:06.063{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=274885254F870B564433BF4CF1611458,SHA256=8357EE7E269021843A1413F2EF24AB2A65C9878BAF74DFC766158A71D1762B3F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058501Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:06.400{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A97B871EBE601B2F41A36FDB7B7CF06,SHA256=B8AD14F6C891A63261FD318DD1CD9A180BF7E7D7ACC8EDB788F3EF289214A21E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058500Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:51.959{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58105-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8089- 23542300x800000000000000059058503Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:07.416{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA4DDC9B919563ABCF1BA1DBDCFC67B7,SHA256=011A52592B98AC917FB97C9C19498076A290AF8A3811B236718361B68FDE3889,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873652Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:07.116{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ABFC3D983175E778F75C547605355C8E,SHA256=AB4B14133F303FD969B4EB182F6C991A18B44D8809C8D1E9798B71C902D67903,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873651Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:30.772{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61845-false10.0.1.12-8000- 354300x800000000000000059058502Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:52.740{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58106-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058504Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:08.423{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B82E889B5465654BB914F4783CEE9F84,SHA256=17DCDCD9FCE0702D4C825D22B1770FEE201E5CD3A26829C5A16C4D8059C07C19,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873654Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:08.615{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3890E8F749BD8231DDA6C57F54DA2182,SHA256=9A6A63315E59080C5E30B639F940C28381509013B920AE0A13192F21C5ADE418,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873653Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:08.131{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=013C3FE054242448BBB7D25B0B1FE8BF,SHA256=2FBD97478E84BD3D5A6107CA6FA7DBCA2B1DBD0EDACC0CDB3946556C9867B9AE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058505Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:09.436{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=166E58C38221CE0BF94DBD0C152EC165,SHA256=D7C75F1B6E5648B8E90CE1EA3D45217495E3AF383A2764A9E8569FD01F8913D1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873655Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:09.161{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EEFE33714E6DAB87585D2C66A10D50B2,SHA256=17DC515CF06B2DFD0A3737583CF76A05385AE9DA4456B170D71ADDA3EB39F70B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873656Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:10.177{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D89C68F25E582BD0A911227D97C8939,SHA256=A5D7CF3736362497352C6D023B4B006B935ABAF799610C70A0DE142EEB0A6DCD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058506Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:10.439{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78F7192A14C4059A5F4E50CF52CD1826,SHA256=9B4F9F4DFD64D8461C7399922540D256501F56ACA4286CA01AF19D9000709F22,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058507Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:11.439{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B5525CC741597712C9D888F9BC93F603,SHA256=BA9348740CA170220FEDFEAC114ADE1925118CF6BB1A87D39C0899952CCA52F4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873658Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:11.211{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E84D719A405609540F89284DA91A7541,SHA256=37717674CDC8D4B449606D5D486D7CEEBF5AB46B7BA45A2105BB7272541B043B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873657Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:11.196{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA3168AE67CF4A9B6036BD97A2EDD803,SHA256=90D9E3728017ED68A4494B056A04106979F78CBDFAF531B4BAAAFD5FDD77DB25,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058509Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:12.455{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8F6CAFE49B48DC5723D247DF1A1A831,SHA256=D8D771E54ACF01FDBD4AEF6504EE6B7F9D35BA1953EA4634058261F8620D4863,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873660Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.852{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61846-false10.0.1.12-8000- 23542300x8000000000000000115873659Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:12.211{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F49DD9707C33B857ECFF246CEDF479C8,SHA256=72F47586A7A107C3E6BFF9EBE15D5333B1D2F3EBC09DFE845AB1D79C8891C0D0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058508Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:34:57.842{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58107-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058510Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:13.471{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1615A2DECBB90BEAA6DB7192D264F2B,SHA256=58B4083CEE1E242B13DC932BBD9A47235E73B5A4CF35913C53BC46EC30B46ED0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873661Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:13.226{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C8E0033505F57FF8E6E773AE2D749E7,SHA256=AEA66632410F0F6303D253EF52023F1F8B46B38CD46C34B82D8911306CF73C41,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058511Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:14.471{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDCE1901EF2E92AD5DB97AA01C49D448,SHA256=2861415D465D69B406D7A845CBD53CC1C0266412388B90F35B28A586DD892E39,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873662Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:14.241{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FBB51DFD4753C2C89B404998EBC090F4,SHA256=3FFCA20102B0C0CDBE12283C954527D01595E806BA8F19987ABA0058CD74B18E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058512Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:15.486{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9563E1BC93FE79D787E878CCA700D9B,SHA256=40202448FABBC6AF4ECD3164A362E08B4C3ACB58F40DBE1D86F084423B3DE0FD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873663Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:15.273{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E573BD82A6A3D57130FA45CBA84115B9,SHA256=8715F35F6D3AF7E1876144B38C880D965CA97A9A6DC638CBD95F096098D39521,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058516Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:16.502{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F1583C23262039FBBD00C88564A3FF00,SHA256=C9AD75ADEEFFCD8AFBF8971CDBE8E42D825FA9FBD71CA9C558E285358D47449F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873666Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:16.292{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=837485660785C41C5426A14E84D38461,SHA256=676455D5BB712402AADCDBB31D63F5C7A9F831C50DD2DC2626C544A304628C6B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058515Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:16.096{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B2-6193-1700-00000000CC01}1148C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058514Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:16.096{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B2-6193-1700-00000000CC01}1148C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058513Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:16.096{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B2-6193-1700-00000000CC01}1148C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000115873665Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:16.273{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=ABFADD4380F3E41625922A3A351391E8,SHA256=D1F359E924B9FAD28413A3FFF87D6035D9249D0BF9B4226F16A1AD63F8DEBCD1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873664Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:16.273{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EE6DE0E214B0C85A80CB546B895AD14C,SHA256=B1A4FBE4DC07ED98A886325BA799E9FA6CBB753AD909359D30315BB2D8B0B8A7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058518Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:17.502{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01FF68EE49EDA059881253DB026AF233,SHA256=685DC929171BE70BD205182CFEDCC6F681255F55721A3268820AF588E8C96E58,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873669Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:17.691{3BF36828-9799-6185-1100-00000000CC01}424NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=BD24494808C256FBE9CD60B0482DC7A6,SHA256=E272F47AC8A18CA36C50BFE219DE407C22226EC3CF52C7C87ECB9A0C71B5DAAC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873668Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:40.910{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61847-false10.0.1.12-8000- 23542300x8000000000000000115873667Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:17.322{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=675484C387DFCDD8DB144B26B7C26485,SHA256=48116A0EF9BD3D9155969DED4E19276DE0F87F3E2939DD41C691E75259AAE667,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058517Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:03.795{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58108-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058519Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:18.517{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC05D04BC6236241228D62D0935F018E,SHA256=CAA2F9BB4FB56DDFFCAA0382C47877B2660FD70046E3753A7C2FF7611A3D4C2B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873670Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:18.352{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8200773D1310D895AFACFDA451FB37E,SHA256=C4EEB2B2F939CA0885D4D698FE1B14FA1760A5FDB54B02F402E85286ED758D4A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058520Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:19.533{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EBDA6D122CEA3C27C16F4E155D316D7F,SHA256=1E7215BAF9D45A3042BC699F53EEEF28EF103558D4AF0F5884AB8069F443B62C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873671Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:19.373{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06387FD866E3D36DEC572DFEBA0AE0FE,SHA256=0BC52C6B95C584CB759F3A80FBB9F910FDAFCA582B550A444DF3995BA2694DF8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058521Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:20.533{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61694AC3EAC2BB555AE7199697EAB131,SHA256=937F18245A58CB8E63044B17B2ECA9DF1319179907A234B0C0A3DD021DE85708,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873672Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:20.391{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9FBC06BE0D0308B996ECD9F0D4A47F37,SHA256=42E97BA7BC155FE3DF90B36756A615C7FCDC6A14BBEE829C8F04889905430336,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058522Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:21.549{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E6BCA751CD38B6EA031FD2F2C67A11C,SHA256=F70F74EAD9EA31DD0784802CA092D6A94CDC1793C857775C8AF6F9B1B85B5F7B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873674Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:21.406{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=107E03E8C3A76419CDB331D080026FB3,SHA256=C1015A59D85F86E04DB09A4C2CF2C56977B751F9DAD82C68B8650E78BE6726A7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873673Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:21.006{3BF36828-989D-6185-BF00-00000000CC01}2968NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9D45E1BDB6F237A6CF51FFC6A12E6130,SHA256=87EEE278CDF62B2B86AF9CB87BDB04BAFB10272CEA175D83979B0C43158C5AB9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873679Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:22.420{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47AD64C7E9B9DBC62DADAD3D9FAC12DC,SHA256=C25247B528627553687A00209A85F207200ADCC96CE3E96B3E358038D42E7F02,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058523Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:22.564{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86FAED50F318C070FDB928605B67D879,SHA256=2110E73D0316D85E82D61816DB0DD718150B86D3EF3B4157A30889470DAD1F86,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873678Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:46.792{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61849-false10.0.1.12-8000- 354300x8000000000000000115873677Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:46.661{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61848-false10.0.1.12-8089- 23542300x8000000000000000115873676Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:22.021{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A04D6FEFC72F7A3ADE5A41CF40E2CB15,SHA256=86FADB11861AC5F1871FEBE4B36A9E7C6CE61713313F42672B8247168C111B16,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873675Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:22.021{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=ABFADD4380F3E41625922A3A351391E8,SHA256=D1F359E924B9FAD28413A3FFF87D6035D9249D0BF9B4226F16A1AD63F8DEBCD1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873681Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:23.650{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A04D6FEFC72F7A3ADE5A41CF40E2CB15,SHA256=86FADB11861AC5F1871FEBE4B36A9E7C6CE61713313F42672B8247168C111B16,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873680Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:23.435{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6F857C223972159A533FDA32D79B7115,SHA256=2AD46956A60954CFEAE32AD211494ABD3410E248A00C40BAF7707F9ECDEC5EF6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058526Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:08.826{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58109-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058525Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:23.580{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=404A9E209AD0081DA86094642ED30261,SHA256=79D29B1B2587694809619EB1EEB5A06202E90DCFB8C34C672FB1B43F45E60302,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058524Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:23.111{B81B27B7-28B2-6193-1300-00000000CC01}364NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=11F5A1D3411FDCEB892B411BBF892221,SHA256=D941F57DA67ECEC9BAFB463A06BCB5137E2E5C9F21D87628B68C2847113037FF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058527Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:24.596{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C7FB261B1208AF2819C1D5B2E60C0BE,SHA256=78A6E7D182DC7B7D805532379E091874CA1BBFACC65BA4E01E3D1B88CE6FCB6D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873682Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:24.450{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=915354AA1F7C9933B0F3BFA70F6C98D8,SHA256=21D3CE859391B0979FCF713F34F7B7E45E33338EA264595E1CFFC51286B99351,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058528Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:25.611{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E63348B55446FC0B1BD0FCBB748D64C,SHA256=073ADC14ADE04C061A517290C7B58E231E48FB90F74D96786CDAD1D0D7B92383,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873683Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:25.466{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE757FA527E7327FB6793844D790D378,SHA256=A4DD5B60A21C6291395B91AC9B02C7428846B46F5F990C783D6FAF9A6E9BE472,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058529Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:26.627{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6F6C0541FD67130A404368AC3A690506,SHA256=7E0D3658B8EA1B5238214425A1168AE57B7D926DB2D5CAE63EFBC9AA8F70A066,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873684Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:26.485{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=420495A5EE077D814EBCA2B3DFE1FBEE,SHA256=CE67BCE44BAEFA347CD549FDCBE04FD1FA40B41F5F68614925D5438651128B24,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058544Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:13.842{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58110-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058543Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:27.631{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA12B0E272AD8F678AB8FBD314052391,SHA256=18459625386C8BC46A965938EC467C1946357552F37E190B07C052847385637F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873687Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:27.546{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF85685A1F4BE537B0E969D62F0ABBB6,SHA256=B3E6646929719A49B7FBFFE48C073F8330B6453AE8522ACD6B8D4175681529EC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115873686Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:51.903{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61850-false10.0.1.12-8000- 10341000x800000000000000059058542Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:27.533{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7ABF-619D-EC36-01000000CC01}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058541Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:27.533{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058540Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:27.533{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058539Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:27.533{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058538Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:27.533{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058537Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:27.533{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058536Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:27.533{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058535Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:27.533{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058534Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:27.533{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058533Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:27.533{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058532Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:27.517{B81B27B7-28B0-6193-0500-00000000CC01}408424C:\Windows\system32\csrss.exe{B81B27B7-7ABF-619D-EC36-01000000CC01}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058531Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:27.517{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7ABF-619D-EC36-01000000CC01}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058530Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:27.518{B81B27B7-7ABF-619D-EC36-01000000CC01}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000115873685Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:27.284{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FE2EA005B2CEA8D5FBD7951F5CD79EB5,SHA256=03D9447DC2E16979082E9207DF24876C1DB0B08AAD1FE012CBF3EC1ED661C972,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058574Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.897{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7AC0-619D-EE36-01000000CC01}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058573Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.897{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058572Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.897{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058571Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.897{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058570Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.897{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058569Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.897{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058568Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.897{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058567Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.897{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058566Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.897{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058565Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.897{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058564Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.897{B81B27B7-28B0-6193-0500-00000000CC01}408424C:\Windows\system32\csrss.exe{B81B27B7-7AC0-619D-EE36-01000000CC01}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058563Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.897{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7AC0-619D-EE36-01000000CC01}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058562Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.882{B81B27B7-7AC0-619D-EE36-01000000CC01}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058561Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.647{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6FF261E835BBCE983539E8D7B6EA98E,SHA256=3295EAC431441F070C2B649B7780BA0B4D1409A62E795EE9C1E1F682FFAC2BB4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873689Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:28.645{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A3C8777404F4F52772288912B5116360,SHA256=2548B8B954DCDE039C6ABA648C0748BA5AF4F66D8726E066DB8BBFA09950A971,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873688Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:28.563{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B20C9489721034BDCE76950B14B95A3,SHA256=3BF65FB373AF4A4FC448FE52C2F7720C0513AD0AE29C302BB6CD5B5C29299954,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058560Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.616{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F87FAEDC0489BEE53D6D5F110D7FD04C,SHA256=A3A63E8E8030BF272699960AAA9AA39E43CBFA6761ED1398FE2605017F147772,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058559Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.616{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B56B32E74E2E9B0AB440423760887F15,SHA256=56AF41C6C5EC69DFF006C94172016D1A2F932261A8B8F43F967D2CA80827DCEA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058558Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.350{B81B27B7-7AC0-619D-ED36-01000000CC01}12762960C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058557Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.210{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7AC0-619D-ED36-01000000CC01}1276C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058556Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.210{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058555Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.210{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058554Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.210{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058553Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.210{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058552Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.210{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058551Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.210{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058550Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.210{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058549Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.210{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058548Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.210{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058547Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.210{B81B27B7-28B0-6193-0500-00000000CC01}408528C:\Windows\system32\csrss.exe{B81B27B7-7AC0-619D-ED36-01000000CC01}1276C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058546Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.210{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7AC0-619D-ED36-01000000CC01}1276C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058545Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:28.195{B81B27B7-7AC0-619D-ED36-01000000CC01}1276C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000115873714Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:29.762{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71B-619B-EA9E-02000000CC01}4372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873713Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:29.762{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71B-619B-EA9E-02000000CC01}4372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873712Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:29.762{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71B-619B-EA9E-02000000CC01}4372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873711Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:29.762{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71B-619B-EA9E-02000000CC01}4372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873710Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:29.762{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71B-619B-EA9E-02000000CC01}4372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873709Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:29.762{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71B-619B-EA9E-02000000CC01}4372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873708Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:29.762{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71B-619B-EA9E-02000000CC01}4372C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873707Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:29.761{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71B-619B-EB9E-02000000CC01}6156C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873706Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:29.761{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71B-619B-EB9E-02000000CC01}6156C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873705Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:29.761{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71B-619B-EB9E-02000000CC01}6156C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873704Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:29.761{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873703Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:29.761{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873702Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:29.761{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873701Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:29.761{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873700Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:29.760{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873699Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:29.760{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873698Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:29.760{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873697Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:29.760{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873696Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:29.760{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873695Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:29.760{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873694Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:29.760{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873693Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:29.760{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873692Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:29.760{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873691Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:29.760{3BF36828-9799-6185-0D00-00000000CC01}904928C:\Windows\system32\svchost.exe{3BF36828-D71A-619B-E89E-02000000CC01}5324C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000115873690Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:29.582{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57874823230C53369B432E1D1D315EDA,SHA256=2D6B8FABDD0676E65913739A316ECD9FF9BA4F634EB6745E14D952DF54C7F77E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058575Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:29.663{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DAF4A23AB9C6006B63E1C407B89C3543,SHA256=E3EA5D0BD2F304F992D63F98581EF11FE3F3D90CB10CB0D97F78E2EB85354B07,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058577Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:30.663{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DADDFA12FCCD7A445F2B1398573BDF6,SHA256=CA48A149EF9BD632E11C1D81250F37526FA3DC8BF2EA9A18D7BB60676BF7B09A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873715Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:30.612{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D33A9780EA679990016D7F2B8F142C5B,SHA256=5C6B9490B1FD14FE663DD7F06034F683A4546BF8A0DE8781937FC2A28804DC3B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058576Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:30.053{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F87FAEDC0489BEE53D6D5F110D7FD04C,SHA256=A3A63E8E8030BF272699960AAA9AA39E43CBFA6761ED1398FE2605017F147772,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058578Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:31.663{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=05ADCD7067D035BA08BB368A3E7B8912,SHA256=7CC2C7D7967C0C8CF934220CF8C1DD1BCEC4EA53F8C5C38448581F071B00B6CE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115873716Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:31.627{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=544119C2DFC0F59A228D8F7B554812BD,SHA256=787D47C9229E1FEFCEDC79A2A5482CB4ADF4C8E8C67FEA525EE36D90C2AF2282,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058579Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:32.678{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=45A234D421CBAEFE5BDCC5B774BD9750,SHA256=555959F5CEBBF02B6AF5BB0FF34ADCD01959047561C579345D49ECE9E9B1494E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115873823Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.978{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000115873822Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.978{3BF36828-7AC4-619D-85D0-02000000CC01}28447164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115873821Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.978{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115873820Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.978{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000115873819Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.841{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115873818Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.841{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115873817Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.841{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115873816Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.841{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115873815Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.841{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115873814Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.841{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115873813Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.841{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115873812Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.841{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115873811Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115873810Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115873809Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115873808Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115873807Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115873806Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115873805Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115873804Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115873803Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115873802Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873801Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115873800Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000115873799Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115873798Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115873797Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115873796Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115873795Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115873794Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115873793Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115873792Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115873791Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115873790Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115873789Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115873788Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115873787Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115873786Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115873785Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x8000000000000000115873784Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115873783Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115873782Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115873781Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873780Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x8000000000000000115873779Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873778Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873777Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873776Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-9797-6185-0500-00000000CC01}420536C:\Windows\system32\csrss.exe{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115873775Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873774Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.825{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115873773Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.812{3BF36828-7AC4-619D-85D0-02000000CC01}2844C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000115873772Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.809{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=59A3F8F3869D30B1AA6CEF33A77B7E42,SHA256=CE9FF914138CB77320A2D388B4EA4D092DCD965B5884505703F98A51BA3DC652,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115873771Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.341{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000115873770Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.326{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115873769Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.326{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000115873768Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.195{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115873767Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.195{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115873766Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.195{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115873765Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115873764Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115873763Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115873762Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115873761Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115873760Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x8000000000000000115873759Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115873758Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115873757Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115873756Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115873755Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115873754Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115873753Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115873752Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115873751Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115873750Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115873749Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115873748Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115873747Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115873746Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115873745Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115873744Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115873743Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115873742Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873741Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115873740Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115873739Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115873738Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000115873737Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x8000000000000000115873736Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x8000000000000000115873735Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x8000000000000000115873734Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115873733Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.179{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x8000000000000000115873732Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.163{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x8000000000000000115873731Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.163{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115873730Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.163{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115873729Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.163{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x8000000000000000115873728Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.163{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115873727Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.163{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115873726Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.163{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115873725Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.163{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873724Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.163{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 10341000x8000000000000000115873723Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.163{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873722Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.163{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873721Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.163{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873720Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.163{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873719Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.163{3BF36828-9797-6185-0500-00000000CC01}420436C:\Windows\system32\csrss.exe{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115873718Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.163{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115873717Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:32.158{3BF36828-7AC4-619D-84D0-02000000CC01}7960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058580Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:33.678{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52D4F0DA594196DF5C0D431A3ADC4E78,SHA256=BF01060AD094808E76582CBCF7BA1A4C5E785BB4981990C23645FD5569FEACC5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115873876Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.609{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000115873875Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.609{3BF36828-7AC5-619D-86D0-02000000CC01}79121868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115873874Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.609{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115873873Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.609{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x8000000000000000115873872Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.478{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20F48BAC408437C696FB48A69AC7BF2D,SHA256=83DD883404CAFF1190D660F914439BE9D2C935F8225F710A30EFE450E5677B37,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115873871Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.462{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115873870Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.462{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115873869Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.462{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115873868Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.462{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115873867Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.461{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115873866Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.460{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115873865Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.460{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115873864Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.459{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115873863Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115873862Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115873861Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115873860Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115873859Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115873858Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115873857Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115873856Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115873855Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873854Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115873853Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000115873852Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115873851Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115873850Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115873849Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115873848Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115873847Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115873846Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115873845Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115873844Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115873843Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115873842Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115873841Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115873840Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x8000000000000000115873839Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115873838Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115873837Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 10341000x8000000000000000115873836Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115873835Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115873834Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115873833Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873832Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x8000000000000000115873831Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873830Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873829Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873828Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873827Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-9797-6185-0500-00000000CC01}420536C:\Windows\system32\csrss.exe{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115873826Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.440{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115873825Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.426{3BF36828-7AC5-619D-86D0-02000000CC01}7912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000115873824Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:33.178{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2197819CC588692AFACB2AC4D791CF20,SHA256=F8632ABE2260042F188B199DE03CE5AE4B5B14D0912DCD26579E265BF17E87EE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058592Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:19.737{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58111-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058591Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:34.694{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F0C82A7BAE522EA9559C135899CCEDB0,SHA256=10B5EF439CC97BDA696709A1CCB9DD1FF01C60EEC394B5773A68B70B1DE8E2D1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115873988Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.862{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000115873987Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.862{3BF36828-7AC6-619D-88D0-02000000CC01}64723144C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115873986Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.861{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115873985Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.860{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 10341000x8000000000000000115873984Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.794{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+19544|C:\Windows\system32\taskmgr.exe+1a290|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873983Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.794{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+1e590|C:\Windows\system32\taskmgr.exe+1a25e|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873982Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.794{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+1ea6a|C:\Windows\system32\taskmgr.exe+1a0d0|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873981Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.794{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+b1cf|C:\Windows\system32\taskmgr.exe+1a084|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873980Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.794{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+b2b8|C:\Windows\system32\taskmgr.exe+19d0d|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000115873979Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:57.834{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61851-false10.0.1.12-8000- 23542300x8000000000000000115873978Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.725{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0DF6BF6458C2D568989966C87098C59F,SHA256=775DCB0D56D4568493531A9E754BF0A0AE804A0723C2926AB271D237C2E71291,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115873977Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.710{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115873976Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.710{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115873975Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.710{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115873974Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.710{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115873973Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.710{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115873972Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.710{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115873971Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.710{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115873970Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.710{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115873969Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115873968Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115873967Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115873966Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115873965Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115873964Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115873963Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115873962Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115873961Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115873960Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115873959Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873958Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000115873957Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115873956Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115873955Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115873954Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115873953Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115873952Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115873951Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115873950Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115873949Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115873948Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115873947Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115873946Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115873945Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115873944Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115873943Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x8000000000000000115873942Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x8000000000000000115873941Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115873940Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115873939Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115873938Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873937Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25trueSplunk, Inc.Valid 10341000x8000000000000000115873936Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873935Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000059058590Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-SetValue2021-11-23 23:35:34.272{B81B27B7-28B1-6193-0C00-00000000CC01}644C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000059058589Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-SetValue2021-11-23 23:35:34.272{B81B27B7-28B1-6193-0C00-00000000CC01}644C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x2850817f) 13241300x800000000000000059058588Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-SetValue2021-11-23 23:35:34.272{B81B27B7-28B1-6193-0C00-00000000CC01}644C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7e0ba-0x6d58add1) 13241300x800000000000000059058587Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-SetValue2021-11-23 23:35:34.272{B81B27B7-28B1-6193-0C00-00000000CC01}644C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7e0c2-0xcf1d15d1) 13241300x800000000000000059058586Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-SetValue2021-11-23 23:35:34.272{B81B27B7-28B1-6193-0C00-00000000CC01}644C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7e0cb-0x30e17dd1) 13241300x800000000000000059058585Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-SetValue2021-11-23 23:35:34.272{B81B27B7-28B1-6193-0C00-00000000CC01}644C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000059058584Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-SetValue2021-11-23 23:35:34.272{B81B27B7-28B1-6193-0C00-00000000CC01}644C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x2850817f) 13241300x800000000000000059058583Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-SetValue2021-11-23 23:35:34.272{B81B27B7-28B1-6193-0C00-00000000CC01}644C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7e0ba-0x6d58add1) 13241300x800000000000000059058582Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-SetValue2021-11-23 23:35:34.272{B81B27B7-28B1-6193-0C00-00000000CC01}644C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7e0c2-0xcf1d15d1) 13241300x800000000000000059058581Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-SetValue2021-11-23 23:35:34.272{B81B27B7-28B1-6193-0C00-00000000CC01}644C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7e0cb-0x30e17dd1) 10341000x8000000000000000115873934Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873933Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873932Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-9797-6185-0500-00000000CC01}420412C:\Windows\system32\csrss.exe{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115873931Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.694{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115873930Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.680{3BF36828-7AC6-619D-88D0-02000000CC01}6472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000115873929Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.426{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A924942658950764CB5F3CDE61165C5F,SHA256=A7FF19D8FFDDA353B6459FFE4A2FAFFDEDDFBE50981E3CCC28AC87FB60AB0013,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115873928Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.242{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000115873927Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.242{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115873926Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.242{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000115873925Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.094{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115873924Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.094{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115873923Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.094{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115873922Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.094{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115873921Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.094{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115873920Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.094{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115873919Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.094{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115873918Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.094{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115873917Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115873916Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115873915Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115873914Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115873913Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115873912Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115873911Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115873910Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873909Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115873908Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115873907Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000115873906Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115873905Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115873904Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115873903Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115873902Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115873901Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115873900Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115873899Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115873898Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115873897Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115873896Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115873895Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115873894Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115873893Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115873892Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115873891Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x8000000000000000115873890Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x8000000000000000115873889Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115873888Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115873887Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115873886Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873885Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x8000000000000000115873884Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873883Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873882Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873881Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873880Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-9797-6185-0500-00000000CC01}420536C:\Windows\system32\csrss.exe{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115873879Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.079{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115873878Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.063{3BF36828-7AC6-619D-87D0-02000000CC01}5212C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000115873877Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:34.057{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC3E412372985EDC028420AC4C336DBF,SHA256=27831733E7210874558450ED08C9FCF788343A537233E7765F6E121645E299AD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058593Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:35.710{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=37BB7B6BDA6E3DCD9D32569DD643965E,SHA256=4F4DBD6A738BE61EBE942CCAFC3690E4874232909D8829646DFDB4C2964779E0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874090Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.977{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FA700089F1462841E3B0ED444472B2D0,SHA256=1D6CB9E709EA3869B9CEB3FA95180A7F64F5F07D864CA4DED51E1343C0BF519E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115874089Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.959{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115874088Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.958{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115874087Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.958{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115874086Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.957{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115874085Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.956{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115874084Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115874083Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115874082Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115874081Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115874080Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115874079Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115874078Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115874077Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115874076Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115874075Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018trueMicrosoft WindowsValid 734700x8000000000000000115874074Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115874073Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115874072Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115874071Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115874070Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115874069Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115874068Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115874067Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115874066Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115874065Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115874064Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115874063Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115874062Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115874061Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115874060Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115874059Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115874058Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x8000000000000000115874057Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115874056Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115874055Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874054Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x8000000000000000115874053Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115874052Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115874051Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115874050Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874049Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x8000000000000000115874048Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874047Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874046Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874045Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874044Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-9797-6185-0500-00000000CC01}420536C:\Windows\system32\csrss.exe{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115874043Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.940{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115874042Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.923{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000115874041Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.693{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3EEFAB5F20042685DE6C90E727DC742A,SHA256=A8CFDD0A0321250AC578E5D9DD207C0E06A6802A31A6BB8BF6F1A09AAF947B8C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x8000000000000000115874040Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.540{3BF36828-7AC7-619D-89D0-02000000CC01}54647968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115874039Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.540{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115874038Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.540{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000115874037Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.362{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115874036Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.362{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115874035Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.362{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115874034Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.361{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115874033Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.360{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115874032Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.359{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115874031Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.359{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115874030Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.358{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115874029Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.358{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000115874028Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115874027Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115874026Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115874025Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115874024Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115874023Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115874022Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115874021Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115874020Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115874019Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115874018Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115874017Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115874016Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115874015Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115874014Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x8000000000000000115874013Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115874012Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115874011Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115874010Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115874009Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115874008Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115874007Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115874006Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115874005Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115874004Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115874003Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874002Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x8000000000000000115874001Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115874000Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115873999Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115873998Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115873997Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x8000000000000000115873996Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873995Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873994Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873993Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-9799-6185-0C00-00000000CC01}8444904C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115873992Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-9797-6185-0500-00000000CC01}420436C:\Windows\system32\csrss.exe{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115873991Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.340{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115873990Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.327{3BF36828-7AC7-619D-89D0-02000000CC01}5464C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000115873989Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:35.324{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C982748326C88C290EF53B6820AB808,SHA256=AD077E7DEC5F8769E51B4ABB8E00337939010560B5B69728110296CDE7BADA57,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058594Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:36.725{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B038A52CFC823485BC0947E37FCF6BFE,SHA256=F857569B675B828163740CBA5CA8EBC4A43C435F16EA4C21C9A0D3649EB10FBB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874095Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:36.939{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9FBF86DDD809B7C9D55407E17FBC9FBD,SHA256=5F282C4E15422B016A5CB3AFD6BA7CEE98DC97EFD2C76EDE71EEFE3A4F478A98,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874094Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:36.593{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC5E9147A07F25FBE0C84563CC5100F0,SHA256=14EA8AF731C2700D9C1DFEC1E98FAA702AD82C9774A1BD69E66D66A0F010BC83,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115874093Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:36.093{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000115874092Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:36.093{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115874091Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:36.093{3BF36828-7AC7-619D-8AD0-02000000CC01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x8000000000000000115874098Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:37.657{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE989EA8B398963BE85C6D6A72EC181F,SHA256=E21FD718FBD68B1FBDA77A3C14C1582F27FAB64C5A2159F270A3888EE7188934,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058609Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:37.803{B81B27B7-7AC9-619D-EF36-01000000CC01}44681364C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000059058608Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:37.741{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7BDBEA7255D008BD51D3C76491B8ACD6,SHA256=0F2978A7D8AD2A171197EDF61510B265F8A9477C61B279EA3C34800DD54B5263,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058607Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:37.663{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7AC9-619D-EF36-01000000CC01}4468C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058606Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:37.663{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058605Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:37.663{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058604Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:37.663{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058603Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:37.663{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058602Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:37.663{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058601Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:37.663{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058600Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:37.663{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058599Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:37.663{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058598Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:37.663{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058597Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:37.663{B81B27B7-28B0-6193-0500-00000000CC01}408424C:\Windows\system32\csrss.exe{B81B27B7-7AC9-619D-EF36-01000000CC01}4468C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058596Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:37.663{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7AC9-619D-EF36-01000000CC01}4468C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058595Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:37.648{B81B27B7-7AC9-619D-EF36-01000000CC01}4468C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000115874097Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:02.095{3BF36828-9797-6185-0B00-00000000CC01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local61852-true0:0:0:0:0:0:0:1win-dc-128.attackrange.local389ldap 354300x8000000000000000115874096Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:02.095{3BF36828-97A9-6185-2800-00000000CC01}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local61852-true0:0:0:0:0:0:0:1win-dc-128.attackrange.local389ldap 10341000x800000000000000059058639Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.803{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7ACA-619D-F136-01000000CC01}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058638Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.803{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058637Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.803{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058636Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.803{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058635Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.803{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058634Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.803{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058633Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.803{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058632Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.803{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058631Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.803{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058630Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.803{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058629Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.803{B81B27B7-28B0-6193-0500-00000000CC01}408384C:\Windows\system32\csrss.exe{B81B27B7-7ACA-619D-F136-01000000CC01}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058628Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.803{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7ACA-619D-F136-01000000CC01}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058627Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.789{B81B27B7-7ACA-619D-F136-01000000CC01}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058626Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.741{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22CBC9DF96D9861327819B7DC16DB8BF,SHA256=29DD64B5FA74D47D355851D2E2AA7660DA50CBF19DDAE7091F79AADC630C9C11,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874099Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:38.690{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E071F89C5ACCC57396BDC57FF5D2CE8,SHA256=BEF4BB1EA5C4DE4BE0708B965A80098F7FFDA34617C0BD1B7587739868802323,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058625Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.663{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=44B7E9A4EF043EE55374115744F35A20,SHA256=ED05D593FC5FADF2A0C1997E2201A3050D3E5503D0B771E263553471EDDE1BB0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058624Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.663{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B0FA82654DA5C191333C4ACE62DA73EE,SHA256=FBF916AFB915FCBE856A741B17E7C9C63A8D3FBEFF2289578AA1F68927D81BC3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058623Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.335{B81B27B7-7ACA-619D-F036-01000000CC01}58166120C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058622Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.178{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7ACA-619D-F036-01000000CC01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058621Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.178{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058620Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.178{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058619Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.178{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058618Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.178{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058617Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.178{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058616Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.178{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058615Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.178{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058614Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.178{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058613Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.178{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058612Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.178{B81B27B7-28B0-6193-0500-00000000CC01}408528C:\Windows\system32\csrss.exe{B81B27B7-7ACA-619D-F036-01000000CC01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058611Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.178{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7ACA-619D-F036-01000000CC01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058610Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:38.164{B81B27B7-7ACA-619D-F036-01000000CC01}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058654Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:39.928{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=998A4DF4C9CB374AD81E2A743921A3A6,SHA256=E3E26EF57BCE8C241AF932AB6907D5A8E0D79C53F27D794266B6611D6E2C4C9F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874102Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:39.705{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C24437F53743A7DC68C9C7E52AEC863,SHA256=B015A8C849022C8B26C8749337C9CCF6C33E58E61E68CBEC24291E831B5E469F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115874101Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:03.793{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61853-false10.0.1.12-8000- 10341000x800000000000000059058653Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:39.710{B81B27B7-7ACB-619D-F236-01000000CC01}31282776C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058652Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:39.491{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7ACB-619D-F236-01000000CC01}3128C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058651Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:39.491{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058650Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:39.491{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058649Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:39.491{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058648Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:39.491{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058647Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:39.491{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058646Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:39.491{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058645Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:39.491{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058644Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:39.491{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058643Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:39.491{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058642Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:39.491{B81B27B7-28B0-6193-0500-00000000CC01}408528C:\Windows\system32\csrss.exe{B81B27B7-7ACB-619D-F236-01000000CC01}3128C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058641Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:39.491{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7ACB-619D-F236-01000000CC01}3128C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058640Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:39.476{B81B27B7-7ACB-619D-F236-01000000CC01}3128C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000115874100Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:39.155{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B98FF826B7B087844B75A5CAB148B6FD,SHA256=51BAE1418E4CA89A17C2495065C27056CD5FE9FD1694B58136F444C696DC7E89,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058657Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:40.960{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B12F8CD299E86E9586B6607E62B9169B,SHA256=1F305A9EA1002C3100D2A6FF50FEAA33A9C28A516FE193114F81E4D2ED513989,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874103Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:40.753{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CEF575E25039E558F92157249F176D85,SHA256=9AC4EA9E0634F97F4BD8806E76E96C38124F9DC35A172089BA6831EEEA97121D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058656Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:40.022{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=44B7E9A4EF043EE55374115744F35A20,SHA256=ED05D593FC5FADF2A0C1997E2201A3050D3E5503D0B771E263553471EDDE1BB0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058655Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:25.768{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58112-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x8000000000000000115874104Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:41.772{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E2AB02B6E64531C81436A3B8E15F1C2,SHA256=12688F6F77D37F8B45B3F9C4820B957C12F5DB9EC28016AAC298E1E3E9536E58,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874105Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:42.787{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2880CA82F233023DB52D015A54A93D23,SHA256=CB864370515CE1CDB7A8D12E66B87D9367550612C0D5D68D7EE2B1FD49BBA0B1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058658Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:42.178{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5162D90D3BAB97C86A94CE94EFA6B398,SHA256=D4E71F2BE4B23267DAA544112990F04B8990AA2485770269FB5E5F212235F21A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874107Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:43.801{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=692511D4746C731A69CD17C5D87C9B00,SHA256=56F2DAD2ACBE14F715D264A087CBBAF984D7386EE3BBFF08226EF2492977BE96,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058659Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:43.303{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=128755847E365A0AE84CF7615492BC1D,SHA256=30F5678D288455D06AA9AF8D8214AD1D56650772781A19588030C5F768B0BDE9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874106Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:43.651{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F6CB8B210EBC06DF3C00856EA701ADA0,SHA256=68A08B7B29FCDEAEFEE5F8D2E584417A78BA7591C6BFD8D48D81071A13D28BCA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874108Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:44.831{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19FC4149DBF299C955C16CCCCCD90724,SHA256=5969DF6F359CBB35FD4972332DC008AE6AA6B2DD873073B8F244EC48941AA174,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058661Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:30.893{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58113-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058660Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:44.350{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C9270ACC06644BF507155E6863486203,SHA256=AC051D7FB37ED23924CAF495FE2BDF8CDADD54FB5201CED5FB59CE197C5E289B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115874113Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:10.073{3BF36828-9797-6185-0B00-00000000CC01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.15ip-10-0-1-15.us-west-2.compute.internal58114-false10.0.1.14win-dc-128.attackrange.local49672- 354300x8000000000000000115874112Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:10.071{3BF36828-9799-6185-0D00-00000000CC01}904C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcptruefalse10.0.1.14win-dc-128.attackrange.local61855-false10.0.1.15ip-10-0-1-15.us-west-2.compute.internal135epmap 354300x8000000000000000115874111Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:09.740{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61854-false10.0.1.12-8000- 23542300x8000000000000000115874110Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:45.848{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF8106F55837A516028127025CE62C42,SHA256=2EDA1407B184CC6119FD39CC2E0E46679F332D005492C22E2F08E7CFF6258A5B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058666Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:32.097{B81B27B7-28B1-6193-0C00-00000000CC01}644C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58114-false10.0.1.14-49672- 354300x800000000000000059058665Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:32.095{B81B27B7-28B1-6193-0E00-00000000CC01}824C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse10.0.1.14-61855-false10.0.1.15win-host-987.attackrange.local135epmap 23542300x800000000000000059058664Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:45.633{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9FCCAF3DD60B8D22F70D973C2837B0B7,SHA256=92E90EF0972DAE52EA45502337477AC2F2254274ED666CBCBC536F99C0875D48,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058663Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:45.633{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E87DB3FA54AF131D5EE60875FADCF831,SHA256=59C73A3EAEFB357D951DD80627BAA6E8011D0D590131D8E5D12C1EC7CCB1F3C8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058662Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:45.366{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=598D248B79ED94D9154EDB6E79A8ABD8,SHA256=6E76CBBE3DB4064D08498E8FCB6AA902248393EB1E2AFB4B50BEF443BF60F1D2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874109Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:45.099{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C3F7AD5C342D46EEB23F624E84E4428E,SHA256=8FA06D00D10ECBE0FE2257B09BAE125B84A32FCEEE03CE8383A6837E37C00DDD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058667Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:46.444{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1AE79F7BCAFFEA5401F1A97F37A7D578,SHA256=95459F824AFAF60C7AD39B02A1E9C9D28FFA17163002B369C5185E350950CF16,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874114Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:46.881{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=149333A3E435DEF6D1DAD23E8357CEBE,SHA256=0477297FB253A9232DE49870C4142FF2945ECE2F4FE75B65516AC81FF3ED5700,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058668Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:47.677{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F13193E4BAECAA3B559B36FDD14FB47,SHA256=B618DFB2AED236F44FE63F7B279F958BE7FF3C8B5C1E85CD3E2537E08DEE00C0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874115Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:47.896{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D1BD0535224A48BD577EE178F8215026,SHA256=74FECB8EDEA0CC6576E1519354B3056777706C378948831F322C82393085F95D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058669Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:48.865{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6F1F84B06855D05B46029DCDA385072,SHA256=39D62DA7C2AE9B4D9921E887C8185F69EC29D103E7BEA8CEC491122FF129EABE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874117Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:48.911{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9207331DE96064D878E1BAEE28B9E60,SHA256=C29D3266DECF4BF7366DFE1D0F9E6BFA85BD3FBD5ED3F9C3C596F9A565FC8065,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874116Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:48.645{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=36B718DBA984DBFF2E82F647A7B3D4DA,SHA256=EE4E5D456F194018DDDE98E680C1D638F81238D3BE3AA4EB8FE461A63DBC88A5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058670Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:49.881{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7298BB607EB62419239AC571C19119A,SHA256=D8ACCC9C8CBACB8939F74787204ED26923F18589746F43DDA5F99BBBDF6143F5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058671Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:50.896{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9131C5ACAFD0785B688B72E0EB8D525B,SHA256=69577E6743166FD3A2811B77D4467995A19191DE048B515A134F60BF5B2099DD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874119Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:50.163{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=84BEFD5145F29E6ADDEF440096403066,SHA256=D58DE6A7AA0E339443FA960D75498F062AF59E23016AAA6F4CB362E9A5E057AC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874118Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:50.010{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A74FEE76402ACA2B0C5FA09707626E76,SHA256=57B2578B956B0F31226026ED9E88F7BC7B351B33B690EF2C0EB4D85767C2EAD4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058673Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:51.912{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE9C358DA4713604AAC1637C5FA962B1,SHA256=722EAC3DEBE914C1B72D1B7E246A31D3DB6A64AE4583F77E5BD4D7C668A7B037,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115874121Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:14.798{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61856-false10.0.1.12-8000- 23542300x8000000000000000115874120Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:51.024{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F827D7644FD10D3A05E10674DEF2C709,SHA256=D98BC7CE171D4BDBD667E198C03E39C3D4F666B05E031F9B2984FA5307575578,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058672Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:36.830{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58115-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058674Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:52.927{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E3F6DED4C5DA8CA1F37B171E983A3A50,SHA256=B1DE38F689BFA122E384D69F0A77779C3089855EFC525C8E5A9A895D435282CE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874122Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:52.041{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5EB6A4F6A633133DAB13C38A3608107E,SHA256=E607C8CE11ACBEBABBA757F0337EA40D2095F65333ECA5AEB126BF6A35C00686,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058675Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:53.927{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E5CF0B366B997C5C7CB81D3241C4107,SHA256=32B4D99788C45346D42D6FC94A39CC912FDE1896B17CE621A367A33701155291,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874123Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:53.075{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EB645D3C75017AA7243E67BBF9E87DB,SHA256=C208669E6457686E3C28A70C29637B1737CB2A27D5AB18FAC7A7CC2271A2EEDD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058676Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:54.928{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AC6F846784F5F61ED285F712C66DD8A,SHA256=8A3F72FE0975265D8B625CE02DA83E60FD105BC6776E7912E25F126115A28DD4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874124Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:54.105{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C83F52E09E1DE6B3614224EC7EB2FEB8,SHA256=5760AE3AC9125A1F564A5DC706D2FE6D032175A8E50E2BC27284C64773E91B31,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058677Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:55.943{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B3C78B8C1AA3ADF4C5A7F90B1090C17,SHA256=832D8C17B0127A6D566BAEF00BEF3CC2F3B349AAAFD63FCCC4B3427414617CC0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874127Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:55.274{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CAA1966A2FE5215B1561F396CFE2CC3E,SHA256=EA0E0F72A397D2E01A686EDC2DBA98CE46E538BAABE45C53839F96F898CD430B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874126Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:55.274{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FC8245C43ECE587ECDBBA4A564984F83,SHA256=D60390625575038D89D4D8494E828F139C963B9A7B3925A04C693136FEB3C411,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874125Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:55.138{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7DF6B84A79F3705B51D264A116EC689,SHA256=89DA28F7E76A31E884EE877028150DEB42DC88D326500F6630B246D1447C1395,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058679Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:56.959{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C8A3E4DF6007964C7975267CC22ADF6,SHA256=451C58CF6496124C881A35F54D8DC8EE69867D4A4BB83C5356D820F2273401D7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 13241300x8000000000000000115874130Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-11-23 23:35:56.357{3BF36828-9799-6185-1000-00000000CC01}444C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7e0c2-0xdccf5798) 23542300x8000000000000000115874129Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:56.204{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A5D756CB331E02927EA055685FC27B20,SHA256=E8E33E0F325AE6A3C54F0B4378A6579DB8AA57EE05CAD9D6604417DF4D768EEF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058678Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:42.845{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58116-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 354300x8000000000000000115874128Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:19.914{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61857-false10.0.1.12-8000- 23542300x800000000000000059058682Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:57.974{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC8C9198AFD1991ED4FE435B5F6B1F61,SHA256=99ACEA6A9ABBC1CA8107863B8FCDB4B1F81EA8939B191D13C9FABEE384923E22,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874132Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:57.318{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CAA1966A2FE5215B1561F396CFE2CC3E,SHA256=EA0E0F72A397D2E01A686EDC2DBA98CE46E538BAABE45C53839F96F898CD430B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874131Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:57.236{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A2C9042F6C5159F8A2E673974B79D769,SHA256=8DBF63A3F700993C2E0FF676D9749350064FE5584D73A953D17A2AD1896958FA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058681Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:57.428{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AC46BDEAEDBF29CC01DF48B66441E642,SHA256=8F70610B1BC7BEDD04CCEF7E095399763C5EBEE45F1CC588BEB79D8EC41A501F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058680Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:57.428{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9FCCAF3DD60B8D22F70D973C2837B0B7,SHA256=92E90EF0972DAE52EA45502337477AC2F2254274ED666CBCBC536F99C0875D48,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058683Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:58.990{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6A69E18C3CF3F830D86174ADA9D219C,SHA256=C231722BCC100751239264D8CC8341FF35FDFC73BAD5457AE2B229FF9F554CAF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874134Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:58.270{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=466895D38D28751B90D32484469F65A3,SHA256=7D58800B4DA91B90747994343D9996FA09F3609BB6F873B581ED533EE61F9B07,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115874133Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:21.943{3BF36828-9799-6185-1000-00000000CC01}444C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.14win-dc-128.attackrange.local123ntpfalse168.61.215.74-123ntp 23542300x8000000000000000115874135Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:35:59.285{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61716968F3D26FDAEE75F644451D37CF,SHA256=8BC1BE8BB9F2BC2F3552CC60246BD3861AE5824C2C506C76979C16FB41E04DC2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874136Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:00.300{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=00F79D52CE905B9AF91CCB0B645F8A1F,SHA256=2206E1C8E1C3CB68A562EC04581D2A53EFB031479AC3032D45C5371F20DE3998,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058684Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:00.006{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C921659D9F27B5ED3BE36744A4AC09B2,SHA256=A8777AC6FE7875522DC0C028A754A9A282B3B51BD5785E4C484F1E29AEF1F916,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874138Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:01.352{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98798A67CF05279A1A413CA4197FF625,SHA256=2EF3DA5AC24E850B1BF069903327113642D40B82D9B72E9FB2A60C9494628FC3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058685Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:01.021{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60D8D3FF39E121091A0AF5B98641C93D,SHA256=FBE112B6737AFD69B66BFFD903993D282C4D3D758053514690065D402C94085C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874137Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:01.215{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C1DDD3E5666B54A7AB7C2935F88919AC,SHA256=D9E09D99628048C361EE655A2455FFD7E1943B51E0EF78E141C2779362779BE7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874140Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:02.367{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1AB8349DCF2361D64ECBF50C5304B3D8,SHA256=CBF40CFC8F457AC1CCA39CC44F08629204BA6165B2EF04F9109425E16FF161F6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058687Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:48.754{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58117-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058686Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:02.021{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3844BA8D524A06BB2D49D5195B7A7D83,SHA256=995DE4AC614C3FE7C6EEB74BBAA8A7C46F851ED400D730C99035099F5A2F45A2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115874139Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:25.841{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61858-false10.0.1.12-8000- 23542300x8000000000000000115874142Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:03.666{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=36FC8425ADBE7D638D26572452F5F0ED,SHA256=76932B186CC84FE114E86B042511DFA712785F32A68F81D59CCF4097CEE1307A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874141Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:03.382{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EB76D26B83D41264B9069A37F4F8106,SHA256=DE0CD4F0B85926CA46B3EBB4BD68EABEDE1187238A3814D6B6A0CBB3BF032843,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058688Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:03.037{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E71CEFD67CFE1240CD1813F8F9AE4A4,SHA256=5012C5B9B2085135CC0E5FC45375689CF0FEC8E689EF56E28E70EE53DF3D5820,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x8000000000000000115874149Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:04.681{3BF36828-D71A-619B-E89E-02000000CC01}53243188C:\Windows\explorer.exe{3BF36828-47A9-619D-74CA-02000000CC01}7544C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+15d19|C:\Windows\System32\SHELL32.dll+b1b50|C:\Windows\System32\SHELL32.dll+b3057|C:\Windows\explorer.exe+3c618|C:\Windows\explorer.exe+3c4a4|C:\Windows\explorer.exe+3c411|C:\Windows\System32\windows.storage.dll+13bd5f|C:\Windows\System32\windows.storage.dll+13aaeb|C:\Windows\System32\windows.storage.dll+13900f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874148Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:04.681{3BF36828-D71A-619B-E89E-02000000CC01}53243188C:\Windows\explorer.exe{3BF36828-47A9-619D-74CA-02000000CC01}7544C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b1604|C:\Windows\System32\SHELL32.dll+b3057|C:\Windows\explorer.exe+3c618|C:\Windows\explorer.exe+3c4a4|C:\Windows\explorer.exe+3c411|C:\Windows\System32\windows.storage.dll+13bd5f|C:\Windows\System32\windows.storage.dll+13aaeb|C:\Windows\System32\windows.storage.dll+13900f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874147Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:04.681{3BF36828-D71A-619B-E89E-02000000CC01}53244284C:\Windows\explorer.exe{3BF36828-47AA-619D-75CA-02000000CC01}4444C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b13af|C:\Windows\System32\SHELL32.dll+b2af0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874146Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:04.681{3BF36828-D71A-619B-E89E-02000000CC01}53244284C:\Windows\explorer.exe{3BF36828-47AA-619D-75CA-02000000CC01}4444C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+981b0|C:\Windows\System32\SHELL32.dll+b2aac|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874145Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:04.681{3BF36828-D71A-619B-E89E-02000000CC01}53244284C:\Windows\explorer.exe{3BF36828-47AA-619D-75CA-02000000CC01}4444C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+b1604|C:\Windows\System32\SHELL32.dll+b2a80|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874144Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:04.681{3BF36828-D71A-619B-E89E-02000000CC01}53244284C:\Windows\explorer.exe{3BF36828-47AA-619D-75CA-02000000CC01}4444C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000115874143Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:04.397{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41A528686CCE0049F074ED094EA64720,SHA256=DBDBB43D58377823FA6910B4956B6514C824610765E66613F45EE84A0D3BF9AE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058690Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:04.318{B81B27B7-28B3-6193-2C00-00000000CC01}2332NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9D45E1BDB6F237A6CF51FFC6A12E6130,SHA256=87EEE278CDF62B2B86AF9CB87BDB04BAFB10272CEA175D83979B0C43158C5AB9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058689Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:04.037{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3909F952CBD17D33FEA214F0242D5CF4,SHA256=137A7DB93029FB7FDFB7C3FE1C52733C06060861A26D2E4A07EE43C758AD3D1D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874151Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:05.411{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DBC022198360F5EBCB2C92346672BC2F,SHA256=FF1DE27ABD5806CA8F1A285235D3901DFB48991DDC512BA7FACDD0526C1DF1E6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058692Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:51.986{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58118-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8089- 23542300x800000000000000059058691Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:05.052{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=73B2CD2A7D21F68C403C63D080A8D8D6,SHA256=2B7C0742A9EFA215969D8EB675555C00A61137B9D5B40284EE2C4E23FF32D155,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x8000000000000000115874150Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:05.149{3BF36828-9797-6185-0B00-00000000CC01}6366832C:\Windows\system32\lsass.exe{3BF36828-9792-6185-0100-00000000CC01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 23542300x8000000000000000115874159Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:06.430{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE93C414FA482EF23B842AC0CFF10753,SHA256=E65FF47E33763232D4F18A3521F98BFBF160B5CCA7856DEF78F22254CDD9C922,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058693Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:06.053{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=07180F9B2BDDB168F3F354E2D09D1CCE,SHA256=355107D68562E446E781AFA7C653D44D827C9271DFEB2850AD23FBC34751F8E6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115874158Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:30.808{3BF36828-9792-6185-0100-00000000CC01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local61861-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local445microsoft-ds 354300x8000000000000000115874157Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:30.808{3BF36828-9792-6185-0100-00000000CC01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local61861-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local445microsoft-ds 354300x8000000000000000115874156Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:30.693{3BF36828-9797-6185-0B00-00000000CC01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-128.attackrange.local61860-false10.0.1.14win-dc-128.attackrange.local389ldap 354300x8000000000000000115874155Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:30.693{3BF36828-9799-6185-1600-00000000CC01}1272C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61860-false10.0.1.14win-dc-128.attackrange.local389ldap 354300x8000000000000000115874154Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:30.686{3BF36828-9797-6185-0B00-00000000CC01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local61859-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local389ldap 354300x8000000000000000115874153Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:30.686{3BF36828-9799-6185-1600-00000000CC01}1272C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local61859-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local389ldap 23542300x8000000000000000115874152Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:06.048{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4629A1230302DE50644777A0B56E2180,SHA256=1EBA6BA2A72EE8481CD73FEA24048AAB4A65CE3CF760789F18307B657CE8F407,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874162Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:07.496{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22C1241B5D3E76E07F93534F2E5482CB,SHA256=A610BCE3D2C443D31F08BC23B9FC71080B654ADB26D0652882040984683C426B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058695Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:53.830{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58119-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058694Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:07.068{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25A9A028FA880F4C3ED729F92486B35F,SHA256=A60FADACAD0EED0BA409B45FF79F339948210349FAEE2985B95BE39E4BE3F465,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115874161Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:31.766{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61862-false10.0.1.12-8000- 23542300x8000000000000000115874160Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:07.112{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9CCD21162555BC5177941D1202227803,SHA256=6C201890E3373CC59F2055420964B18FF393A1401BE3DA5E14AE3FA2FEB20201,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874164Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:08.647{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=033687B8CB9D205CBCE616036304822D,SHA256=1EC16E27FB6CBD4C9522D8E79395288199222E1A52EAC13F9437077B2852DBBA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874163Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:08.510{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F9BCA99C5B7E169EBB8B9053AA0E2EC,SHA256=95A9F98E37E0467A03C1A58955597828675EA8625F065CC6821C2FA69A10EF27,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058696Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:08.083{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=264AB48EEB36CC097FE75204E86BBB40,SHA256=6EA1C28DF7DAB33CE8B64A86DBCE696BE3E4D5B69D2502C199AAA902565453D5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874166Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:09.527{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8C721EA0D2CC10158F9DED9AF2EDCF7,SHA256=C29FCD8438049E563A466B5A2DCC304D6ED6F48C8ADEDC305DF236BD9FB795C3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058697Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:09.083{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9677BD868210B1A65749BDE30E56DDED,SHA256=C5750F9FC6E88A31CF3404A37108A9485754B526DBBE38F3A4234053F937954A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874165Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:09.063{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\v9017qz8.default-release\datareporting\aborted-session-pingMD5=522B6F89CF51CDAF6C31271218CF0B53,SHA256=46A72952999008A18D36B62E50579F5777171BEF2B33F02D636AD8A58DA75904,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874167Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:10.545{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=367A9D466B00172CD04E99D1B608FDCC,SHA256=8C1E105937EED24AFD8EB579C021B529B13288FECB34ED4B81CD4B47F7134AC9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058698Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:10.084{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A42EF9AAD50E2A22C3E78D7BC97FB1A,SHA256=914B7E392C1F9929460D8544FE1F0B77E1DB24E977F143FEFA836F39AE8E6AED,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874168Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:11.576{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A551E56E62FE851785353025682F16F,SHA256=EE0DF8ACAC55157F2AC23C97DA84C60443CB7647A1FF411F88464289C76597CE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058699Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:11.086{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8176D76F5927CABF55A9DEE850B29EF1,SHA256=B07481EE7D40A2BA7EB1A5F8B56EBC90323F4B1B8E770283CCCE1747A876D5D5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874170Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:12.922{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\v9017qz8.default-release\datareporting\glean\db\data.safe.binMD5=BBD2C2FFC284E543D4948F2EEE6341E1,SHA256=BBE8E800CDB4E123B21BE51F6C5ED9B44322A5C5E3962DD8717E9BF5D168A7B6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874169Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:12.580{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9913FD8F01A3DA390C4C4243D83EF5FB,SHA256=E2ACD9897F05964E7B0AB85086F959BAA634AA843A1B47A1CA7364B925F2163E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058701Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:35:58.836{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58120-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058700Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:12.090{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=00ABCF6E08E08297036F96FDC8F7BA26,SHA256=6A231022957A7E72AB2C92F4800C05ED93BE8877E83648D7AED509066EFA646B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115874173Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:37.778{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61863-false10.0.1.12-8000- 23542300x8000000000000000115874172Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:13.589{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD2BCFBCECE70FC64A8BF076B6131E9C,SHA256=08CB21472E633158727525F2322EA5B729FEEF2713736C51B82400376EEB4A57,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058702Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:13.106{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01EC9D8E414A7EAF486EDBD1050FA699,SHA256=A88956468E34C9F94D5E5AABC677964F4E0293B3DB8786E01BC26C80D193D6D0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874171Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:13.158{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CBD90F0431E7BF6FE5F673373F423BE0,SHA256=F5F8E65FBD2E3DB9C31391777DED77369F47E433F5D365A93C4BD76B122FF42A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 13241300x8000000000000000115874177Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-11-23 23:36:14.726{3BF36828-97A9-6185-2E00-00000000CC01}2972C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\D370F6FF-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_D370F6FF-0000-0000-0000-100000000000.XML 13241300x8000000000000000115874176Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-11-23 23:36:14.726{3BF36828-97A9-6185-2E00-00000000CC01}2972C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\CA735696-6C26-4910-BF98-1B50C97DCBCC\Config SourceDWORD (0x00000001) 13241300x8000000000000000115874175Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-11-23 23:36:14.726{3BF36828-97A9-6185-2E00-00000000CC01}2972C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\CA735696-6C26-4910-BF98-1B50C97DCBCC\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_CA735696-6C26-4910-BF98-1B50C97DCBCC.XML 23542300x8000000000000000115874174Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:14.622{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B82C92E80505DC7B115EA4A826D8346F,SHA256=9A7D98AFEF6A0D8E2E3AD90626194520D7D8CCD7BAF27918D8ACB56BABBA1C1E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058703Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:14.122{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B047D1BD46D0ED4F278664B19739778F,SHA256=17ABC79C098AAE2E3E74524BA6B8AF5505DD5250160048B8D0F979B3091CFC44,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874179Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:15.741{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D7825E33D3174E54704B1D8F5FF0FF08,SHA256=F48022444AF1542E4646E70221DCC40B99EAC3798F3503BAF85002330F3C8FE3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874178Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:15.641{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C814204BAEE40D258305AFD92E97D9E,SHA256=71D0623AF63A5F8A8273295B676FAAF230EA9D0A86738DFE19EE8D860DD8E37D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058704Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:15.137{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5757DAD97DF3A3A248F7911033008EC5,SHA256=B2B20387B4B7AEF46D933C4D3E5017BC7D8423103EC29A6D2DD49A6137871465,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874187Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:16.971{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=519465A9F0102278FCB56EEC9789414A,SHA256=D8E34F4E28216EC4CBD15A35F3C991AC6D55E369758A197189A506B9E8C7A697,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874186Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:16.671{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FAE80C672B041AB220045934E687F322,SHA256=C525E9941EA6C2B715348E5D66C9A20B24FFC0FA3CC5FDFF77A1722F7EDF22C3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058705Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:16.137{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=843F23EC4DE296461E9BE2039160E1C9,SHA256=E7833757966B509C53BE7A95D0CFCD1B6CA5F7E0A153811C58494F13FF01222C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115874185Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:40.398{3BF36828-9797-6185-0B00-00000000CC01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local61866-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local389ldap 354300x8000000000000000115874184Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:40.397{3BF36828-97A9-6185-2E00-00000000CC01}2972C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local61866-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local389ldap 354300x8000000000000000115874183Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:40.391{3BF36828-9797-6185-0B00-00000000CC01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local61865-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local389ldap 354300x8000000000000000115874182Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:40.391{3BF36828-97A9-6185-2E00-00000000CC01}2972C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local61865-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local389ldap 354300x8000000000000000115874181Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:40.377{3BF36828-9799-6185-0D00-00000000CC01}904C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local61864-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local135epmap 354300x8000000000000000115874180Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:40.377{3BF36828-97A9-6185-2E00-00000000CC01}2972C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local61864-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local135epmap 23542300x8000000000000000115874189Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:17.703{3BF36828-9799-6185-1100-00000000CC01}424NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=009B4F140232A163DA5BE5D77435946B,SHA256=F062920ADD820C469E280DFB00A6585AADE3A82B20B58B8A211D02624C22F983,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874188Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:17.672{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=00635EC815086349C7000C817353F5AC,SHA256=6CD22260B13D384AC78D942B86845919E971575B2884382BC19ABB0CA0F254B3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058706Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:17.153{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0795E9E44DCB0F3572048B199ABF6432,SHA256=387B02D8D70EFB0931FE5C06A99F358D70E1B30D0F05E7F0C1085C256CACD843,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874191Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:18.723{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6AE07D05AE8D49D27ABE06BD761AB5CA,SHA256=2053CE916EE80559CA84811EEEED4F3479DF7D98FDCFF4994604A090CE29738A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058707Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:18.168{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=854F70CFBAF894B4933080078C5BF4EE,SHA256=433BC45E3A40C53140218CB480197C5CE2235969F732CD6E9F4D7CD046359081,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874190Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:18.203{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A28D3F431CBEFA123753C7D5F99A659C,SHA256=23B216F79175E14BA18E6C7E7375E2D0503AA54C0B28B9FBAB9FCE65E4E06AB1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874193Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:19.771{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E40843E14BE1F150F397C571811A0FB7,SHA256=1CCF317497C376C96A52DBF8303C667734CDD39AC98FC2489D140E21394C5957,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058709Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:19.184{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=99F3FD9C933D5BCC18625620E13DBA52,SHA256=961F1B2D823B08E0A0FF19C22D315D8598EC16931537FE6E940BC2406A0DEAF1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115874192Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:42.842{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61867-false10.0.1.12-8000- 354300x800000000000000059058708Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:04.774{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58121-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x8000000000000000115874194Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:20.785{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E619A58D000D7C4BF84EF5B92E11C389,SHA256=268A385396D48F6701552B339D1D2BEE1B438AAC119AA6A12B80A694F754EA98,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058710Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:20.200{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=69FCEF16E9F28C6D37ECCA28F349B25E,SHA256=8A845DA3EB4DE0FA0529253AB2FE15D8F93356101FA2F2752CFA7B5924C055B4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874196Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:21.838{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9EFB6A78A541CA37C5E9EAB84A916AD6,SHA256=DB507734CA72DBEDE8AD8CAD8E16E2DFEEA4B4FAA9202C2E315760AAE1247238,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058711Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:21.215{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=321FF611A394C44C4944FE87110F4DEE,SHA256=9D3E475F332B3A4EFCDD66B4A3E2F46C0664AB01C18A248069D41754AAF7BB35,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874195Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:21.038{3BF36828-989D-6185-BF00-00000000CC01}2968NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9D45E1BDB6F237A6CF51FFC6A12E6130,SHA256=87EEE278CDF62B2B86AF9CB87BDB04BAFB10272CEA175D83979B0C43158C5AB9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874199Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:22.852{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA27FC5AAB4A16014528BB5C9ED03EB4,SHA256=00F4E7C81E125220E2496A59F105B5E9750EC74EE1C65231AB887EABB3D04642,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058712Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:22.231{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=706FD671FF34D1C36F4115D66C70D53B,SHA256=CA3AB217460B40B18C57B1071378619E30CF8EDD5A6579F7E424382DC0981606,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115874198Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:46.673{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61868-false10.0.1.12-8089- 23542300x8000000000000000115874197Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:22.038{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A7BDA9B72D0C8C8DE6E72B70EF302B13,SHA256=9E343DD312B51D76CA09F83C46A4F32642202234541082F0B273EC04D11A06DB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874201Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:23.899{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A1108762806497F0A91FC38B11BF8D8,SHA256=5C371A04C73DD2BA476D6093FD6D10BC1B93CAD42C9E488038D55E7589B958BD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058714Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:23.231{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56CBE363F1A0854CAC3ABB2B744A72A6,SHA256=F2B3D988EA41AF04475ABEC0F2FDEBE4207B52FB28B1DFB50CABAF35EBD794C5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874200Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:23.668{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=378740E087F3111433FB3C043D8415F3,SHA256=6D95EB7E27D57B82B7E233FA159FCBBA464028FD8EE7E55024837AC2D89A9185,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058713Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:23.122{B81B27B7-28B2-6193-1300-00000000CC01}364NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=E0101D39CA9A23C29DEB00337175D4D9,SHA256=C401028D3FDDDB70C51EE058CEC8E1042FAD0595DC25482990698C8B0068EBB8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874203Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:24.935{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F02CEF6C71A2B3B083A9E1A79176146,SHA256=7B349A7DC3586AC50087BC1FDA2F2059C3E12A82BACB18D08DAA33D6A0B05352,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058715Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:24.247{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA3EED9190C435525F6723820CC6B7BC,SHA256=27C1F497626313127304D1AB90ABF0496416A8E99FF1CCB83CF712CF3838D1D9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115874202Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:48.771{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61869-false10.0.1.12-8000- 23542300x8000000000000000115874204Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:25.950{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4833DA75D8C9C352864D07F9F9759AAF,SHA256=686D8C0F446FDA600933C6FFDF3255904205B3D08E242C604BCD295C382ED0B6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058717Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:10.742{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58122-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058716Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:25.262{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1852C654B20324C96082C38342D62323,SHA256=847E6FF05022743B1F65EBEC509BD7F86A1D41673DDC063A64124BD53D2C3B18,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874205Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:26.996{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CAA4BA8039490E78EBE0B5E311951F93,SHA256=4A83B6396B9549022DB25AB4E0B9E9BBF1E1489E920C07BDB372E6D10CEA6155,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058718Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:26.278{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9DE592C9F2417831FC9F59CAB965F4FA,SHA256=25132294E44684F11FB71DA50AC411C680F382965418A029548D5E9D661DFBBA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874206Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:27.996{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C11C19B0D662C4CFA42D4C1371F7D07,SHA256=A2BDE29E13E01566B43C5DB9771EF74C74DEE367F9693619F1D82C13915307FA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058733Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:27.732{B81B27B7-7AFB-619D-F336-01000000CC01}47205188C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058732Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:27.543{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7AFB-619D-F336-01000000CC01}4720C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058731Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:27.543{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058730Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:27.543{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058729Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:27.543{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058728Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:27.543{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058727Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:27.543{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058726Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:27.543{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058725Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:27.543{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058724Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:27.528{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058723Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:27.528{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058722Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:27.528{B81B27B7-28B0-6193-0500-00000000CC01}408424C:\Windows\system32\csrss.exe{B81B27B7-7AFB-619D-F336-01000000CC01}4720C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058721Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:27.528{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7AFB-619D-F336-01000000CC01}4720C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058720Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:27.528{B81B27B7-7AFB-619D-F336-01000000CC01}4720C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058719Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:27.278{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6BAEBB2E9BB8F035C6BFBA878DFC5CE2,SHA256=A79EC3FEAF9A3C21A6D354955173328A5265C51BB196AF9959702EE7AE933A1A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058762Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.826{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7AFC-619D-F536-01000000CC01}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058761Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.826{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058760Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.826{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058759Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.826{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058758Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.826{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058757Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.826{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058756Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.826{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058755Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.826{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058754Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.826{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058753Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.826{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058752Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.826{B81B27B7-28B0-6193-0500-00000000CC01}408424C:\Windows\system32\csrss.exe{B81B27B7-7AFC-619D-F536-01000000CC01}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058751Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.810{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7AFC-619D-F536-01000000CC01}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058750Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.811{B81B27B7-7AFC-619D-F536-01000000CC01}4204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058749Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.764{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8C49A7786573D47723CA36F3C0AE306D,SHA256=CCCFA0017C770AA228618831E56417DAA68ABF29D62D09013512ED2B19139A1B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058748Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.764{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AC46BDEAEDBF29CC01DF48B66441E642,SHA256=8F70610B1BC7BEDD04CCEF7E095399763C5EBEE45F1CC588BEB79D8EC41A501F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058747Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.670{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFD1346AEB8F1DFE0B2EA4F2577E6588,SHA256=3D91CF19B509A07657DBDF1645C7F62C6615B596467CE9B3EA1ED11FC5454B2B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874208Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:28.664{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D6886261A33D570E7360309A9368FFEF,SHA256=B31087B22B0B32A351EC22684C834924F2CD9062F7D6C598989A62439AEEAE4A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874207Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:28.664{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B20694306D41A6B09AF761EBE8F655C9,SHA256=7C958065535B7F44F638F3E2F965155818BC87D0B23E96CACF22CEA1AB400AA7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058746Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.232{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7AFC-619D-F436-01000000CC01}3568C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058745Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.232{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058744Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.232{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058743Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.232{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058742Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.232{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058741Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.232{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058740Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.232{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058739Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.232{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058738Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.232{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058737Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.232{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058736Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.232{B81B27B7-28B0-6193-0500-00000000CC01}408528C:\Windows\system32\csrss.exe{B81B27B7-7AFC-619D-F436-01000000CC01}3568C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058735Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.217{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7AFC-619D-F436-01000000CC01}3568C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058734Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:28.217{B81B27B7-7AFC-619D-F436-01000000CC01}3568C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058764Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:29.888{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D386FBD2CAAA5CE82690B4AAFEFA4B3,SHA256=63DC7B39D8935717AF167611D249CC260997D3F62748EDE51938043F447A7A91,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115874210Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:53.905{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61870-false10.0.1.12-8000- 23542300x8000000000000000115874209Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:29.033{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=577C467AA6C76EC371B873C17BF897CD,SHA256=BE54ACD5DDEE4A472CF13E9D88D3C5D1BD5A4969C4E55D10DB9C44CEEDCEE191,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058763Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:29.857{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8C49A7786573D47723CA36F3C0AE306D,SHA256=CCCFA0017C770AA228618831E56417DAA68ABF29D62D09013512ED2B19139A1B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058765Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:15.931{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58123-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x8000000000000000115874211Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:30.064{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=923AB0A983ED4CA18082EB8732B30565,SHA256=49E23561F174E407354D12D7537F1D0FE1E50282C90C448E6B06D508A6FA278D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058766Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:31.123{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=458B737DE555674ADCAE35148386437F,SHA256=E4B431648236310A3A164B18099CE587C50A9648D53C6FED3ECE86AFCEF621D0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874212Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:31.095{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4976FA82317591AD704BCF79BC76A2B3,SHA256=AE974806D39FEA4B5CD6EFA0312D354ADB1E24825A98D7B56972927BDF4979E7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058767Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:32.326{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A0999B9824AF1962D684DD7D01EAA0B4,SHA256=CBFAB15AAC0B283FD8E714FAEF8FA5B90569D9CDA56B4645064B1C17728B3134,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115874316Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.895{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115874315Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.895{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115874314Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.879{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115874313Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.879{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115874312Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.879{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115874311Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.879{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115874310Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.879{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115874309Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.879{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115874308Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115874307Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115874306Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115874305Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115874304Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115874303Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115874302Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115874301Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874300Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115874299Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115874298Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115874297Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000115874296Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115874295Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115874294Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115874293Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115874292Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115874291Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115874290Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115874289Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115874288Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115874287Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115874286Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115874285Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115874284Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115874283Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115874282Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x8000000000000000115874281Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115874280Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115874279Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115874278Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874277Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x8000000000000000115874276Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874275Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874274Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874273Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874272Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-9797-6185-0500-00000000CC01}420436C:\Windows\system32\csrss.exe{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115874271Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.863{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115874270Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.849{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000115874269Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.379{3BF36828-7B00-619D-8BD0-02000000CC01}35647888C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115874268Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.379{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115874267Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.379{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 10341000x8000000000000000115874266Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.363{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+19544|C:\Windows\system32\taskmgr.exe+1a290|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874265Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.363{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+1e590|C:\Windows\system32\taskmgr.exe+1a25e|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874264Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.363{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+1ea6a|C:\Windows\system32\taskmgr.exe+1a0d0|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874263Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.363{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+b1cf|C:\Windows\system32\taskmgr.exe+1a084|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874262Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.363{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+b2b8|C:\Windows\system32\taskmgr.exe+19d0d|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115874261Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.216{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115874260Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.214{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115874259Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.214{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115874258Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.213{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115874257Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.211{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115874256Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.211{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115874255Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.210{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115874254Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.210{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115874253Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.210{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000115874252Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115874251Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115874250Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115874249Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115874248Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115874247Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115874246Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115874245Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115874244Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115874243Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115874242Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115874241Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115874240Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115874239Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115874238Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x8000000000000000115874237Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115874236Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115874235Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115874234Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115874233Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115874232Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115874231Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115874230Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115874229Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115874228Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115874227Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874226Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x8000000000000000115874225Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115874224Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115874223Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.193{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115874222Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.178{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874221Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.178{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x8000000000000000115874220Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.178{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874219Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.178{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874218Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.178{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874217Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.178{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874216Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.178{3BF36828-9797-6185-0500-00000000CC01}420436C:\Windows\system32\csrss.exe{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115874215Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.178{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115874214Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.163{3BF36828-7B00-619D-8BD0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000115874213Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:32.112{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=14629A90ABC57C71DA133FE57359A038,SHA256=628CB217D72C63B607CBF8209E403F53CCB2CF36DF8DB7C324041BFDA7A541CE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115874378Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.763{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000115874377Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.747{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115874376Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.747{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000115874375Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.579{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115874374Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.579{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115874373Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.579{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115874372Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.579{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115874371Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115874370Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115874369Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115874368Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115874367Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x8000000000000000115874366Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115874365Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115874364Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115874363Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115874362Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115874361Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115874360Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115874359Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115874358Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115874357Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115874356Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115874355Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115874354Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115874353Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115874352Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115874351Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115874350Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874349Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115874348Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115874347Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115874346Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000115874345Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115874344Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x8000000000000000115874343Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115874342Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x8000000000000000115874341Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x8000000000000000115874340Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x8000000000000000115874339Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x8000000000000000115874338Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115874337Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115874336Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x8000000000000000115874335Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.563{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115874334Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.547{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115874333Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.547{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115874332Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.547{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874331Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.547{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 10341000x8000000000000000115874330Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.547{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874329Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.547{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874328Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.547{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874327Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.547{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874326Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.547{3BF36828-9797-6185-0500-00000000CC01}420412C:\Windows\system32\csrss.exe{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115874325Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.547{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115874324Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.532{3BF36828-7B01-619D-8DD0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000115874323Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.179{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D317BC9060FF8DE4B927F8C2FBF184A3,SHA256=1409881A075EDF5D7BCA06B120CFF9D80019883135D95ACDB14760F60E751C24,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874322Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.179{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D6886261A33D570E7360309A9368FFEF,SHA256=B31087B22B0B32A351EC22684C834924F2CD9062F7D6C598989A62439AEEAE4A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058768Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:33.342{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=971C7AB4C26D3607315EA2924537286F,SHA256=91CDC2794DB69130BC31B13CA10029C681F0CD17AF515E945EA8BE8A6AEE7ECD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115874321Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.063{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000115874320Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.063{3BF36828-7B00-619D-8CD0-02000000CC01}2207416C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115874319Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.063{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115874318Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.063{3BF36828-7B00-619D-8CD0-02000000CC01}220C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x8000000000000000115874317Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:33.048{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=516A9A12AC2ED33E8876603727EF290D,SHA256=9D520E634E81064DC93B4B717D76A302D46087DC82D1E9F417397A4339F463DC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058769Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:34.357{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=23187B46EA23F0D71587483AF94E131C,SHA256=8E258652B4167AF6A30480C96D696A18075BC4095CF7017BE668C89308E94793,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115874484Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.931{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115874483Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.931{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115874482Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.931{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115874481Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.931{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115874480Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.931{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115874479Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.931{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115874478Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.931{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115874477Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115874476Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115874475Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115874474Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115874473Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115874472Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115874471Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115874470Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874469Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115874468Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115874467Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000115874466Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115874465Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115874464Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115874463Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115874462Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115874461Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115874460Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115874459Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115874458Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115874457Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115874456Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115874455Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115874454Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115874453Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115874452Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115874451Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115874450Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x8000000000000000115874449Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x8000000000000000115874448Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115874447Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115874446Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.915{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115874445Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.914{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874444Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.914{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25trueSplunk, Inc.Valid 10341000x8000000000000000115874443Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.914{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874442Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.914{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874441Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.914{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874440Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.914{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874439Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.914{3BF36828-9797-6185-0500-00000000CC01}420412C:\Windows\system32\csrss.exe{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115874438Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.913{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115874437Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.894{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000115874436Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.547{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5862CB2EC8AEF312229579B129ED5F05,SHA256=E2113B8E192576979D8A8C703E1C6B837DDAC233B73E819FB81FE5B431B51EAD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874435Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.511{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=688C8FB93C04806A4BF2A973C4A00698,SHA256=2FFB924AEBCE3685AD254E58CAB405786715734EAADB8DFE76D4FB8A7E9E21EF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115874434Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.378{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000115874433Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.378{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115874432Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.378{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 10341000x8000000000000000115874431Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.363{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+19544|C:\Windows\system32\taskmgr.exe+1a290|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874430Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.363{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+1e590|C:\Windows\system32\taskmgr.exe+1a25e|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874429Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.363{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+1ea6a|C:\Windows\system32\taskmgr.exe+1a0d0|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874428Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.363{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+b1cf|C:\Windows\system32\taskmgr.exe+1a084|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874427Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.363{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+b2b8|C:\Windows\system32\taskmgr.exe+19d0d|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115874426Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.247{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115874425Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.247{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115874424Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.247{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115874423Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.247{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115874422Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115874421Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115874420Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115874419Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115874418Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115874417Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115874416Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115874415Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115874414Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115874413Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115874412Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115874411Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115874410Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874409Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115874408Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000115874407Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115874406Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115874405Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115874404Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115874403Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115874402Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115874401Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115874400Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115874399Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115874398Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115874397Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115874396Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115874395Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115874394Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x8000000000000000115874393Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115874392Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115874391Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 10341000x8000000000000000115874390Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.231{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115874389Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.216{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115874388Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.216{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115874387Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.216{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874386Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.216{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x8000000000000000115874385Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.216{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874384Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.216{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874383Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.216{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874382Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.216{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874381Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.216{3BF36828-9797-6185-0500-00000000CC01}420412C:\Windows\system32\csrss.exe{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115874380Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.216{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115874379Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:34.210{3BF36828-7B02-619D-8ED0-02000000CC01}6412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000059058771Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:21.790{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58124-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058770Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:35.357{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E143707C7061E836DED831300E3DFED4,SHA256=B2209A58EC45097D0233D4AC422258DD97771C333D8547947A2614428AF36B6D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874542Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.913{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A12EACA75CD60EA7108AAC55E2F38750,SHA256=E88E970C1EA9B6EE5F844020959190C46CECECDBA0F0DEA6DA5D854C83262B33,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115874541Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.762{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000115874540Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.762{3BF36828-7B03-619D-90D0-02000000CC01}57127120C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115874539Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.762{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115874538Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.762{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000115874537Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115874536Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115874535Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115874534Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115874533Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115874532Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115874531Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115874530Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115874529Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115874528Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115874527Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115874526Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115874525Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115874524Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115874523Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874522Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115874521Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000115874520Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115874519Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115874518Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115874517Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115874516Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115874515Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115874514Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115874513Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115874512Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115874511Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115874510Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115874509Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115874508Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115874507Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115874506Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115874505Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115874504Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115874503Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.615{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x8000000000000000115874502Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.614{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115874501Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.613{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115874500Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.613{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115874499Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.613{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874498Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.612{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x8000000000000000115874497Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.612{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874496Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.612{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874495Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.611{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874494Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.611{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874493Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.611{3BF36828-9797-6185-0500-00000000CC01}420436C:\Windows\system32\csrss.exe{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115874492Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.611{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115874491Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.594{3BF36828-7B03-619D-90D0-02000000CC01}5712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000115874490Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.378{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0DEAF60343AD56AF553200980F737C44,SHA256=78308C5AA88DB4498D6F6E7CE14A05593150B83FDF145FF5FE7911FFC802D90F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874489Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.178{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0AD3CE225A8FB210ED44F0217147DB0,SHA256=F74DA96657712BAA7D4FCAEA24B941C0DC8FDDCCA5B43681E3FB9C8DF195C2E4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115874488Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.115{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000115874487Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.115{3BF36828-7B02-619D-8FD0-02000000CC01}12287344C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115874486Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.094{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115874485Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:35.094{3BF36828-7B02-619D-8FD0-02000000CC01}1228C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000115874601Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.478{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000115874600Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.478{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115874599Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.478{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x8000000000000000115874598Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.431{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FAB5E4A75FEC7539F74135D080B6B8FA,SHA256=CAAD290BBC07C32B7C70A16AFF7BAE8A11F8FD6D3702AA4C29D4056696B24DBE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058772Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:36.373{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=208D4F96FE4B63604B7D88D0F202C208,SHA256=DB8F95AD7745BEAE879CB836527E5450BD35FA4DEE9DDE6FC65D11355A626643,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x8000000000000000115874597Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.362{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+19544|C:\Windows\system32\taskmgr.exe+1a290|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874596Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.362{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+1e590|C:\Windows\system32\taskmgr.exe+1a25e|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874595Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.362{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+1ea6a|C:\Windows\system32\taskmgr.exe+1a0d0|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874594Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.362{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+b1cf|C:\Windows\system32\taskmgr.exe+1a084|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874593Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.362{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+b2b8|C:\Windows\system32\taskmgr.exe+19d0d|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000115874592Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.346{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D1AC6AF595786DBCDBE66D7ADEF54A2,SHA256=BBF5D449E0643131A4A25B55F07981A7189376213DFB4BF35DCF63FF3ECA465F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115874591Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.313{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115874590Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.313{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115874589Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.312{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115874588Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.312{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115874587Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.310{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115874586Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.310{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115874585Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.309{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115874584Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115874583Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115874582Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115874581Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115874580Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115874579Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115874578Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018trueMicrosoft WindowsValid 734700x8000000000000000115874577Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115874576Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115874575Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115874574Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115874573Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115874572Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115874571Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115874570Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115874569Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115874568Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115874567Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115874566Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115874565Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115874564Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115874563Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115874562Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115874561Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115874560Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x8000000000000000115874559Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115874558Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115874557Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874556Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x8000000000000000115874555Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115874554Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115874553Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115874552Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874551Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x8000000000000000115874550Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874549Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874548Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874547Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874546Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-9797-6185-0500-00000000CC01}420412C:\Windows\system32\csrss.exe{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115874545Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.293{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115874544Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:36.278{3BF36828-7B04-619D-91D0-02000000CC01}6244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000115874543Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:59.819{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61871-false10.0.1.12-8000- 354300x8000000000000000115874605Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:02.103{3BF36828-9797-6185-0B00-00000000CC01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local61872-true0:0:0:0:0:0:0:1win-dc-128.attackrange.local389ldap 354300x8000000000000000115874604Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:02.103{3BF36828-97A9-6185-2800-00000000CC01}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local61872-true0:0:0:0:0:0:0:1win-dc-128.attackrange.local389ldap 23542300x8000000000000000115874603Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:37.446{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30963F19931940A639BD0158965346E9,SHA256=2D691443198957789644AE7F4C48AB20F95FA1324A8CA3536BEBE1046F80D6AE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058787Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:37.826{B81B27B7-7B05-619D-F636-01000000CC01}36923724C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058786Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:37.685{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7B05-619D-F636-01000000CC01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058785Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:37.685{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058784Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:37.685{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058783Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:37.685{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058782Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:37.685{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058781Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:37.685{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058780Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:37.685{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058779Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:37.685{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058778Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:37.685{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058777Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:37.685{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058776Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:37.685{B81B27B7-28B0-6193-0500-00000000CC01}408384C:\Windows\system32\csrss.exe{B81B27B7-7B05-619D-F636-01000000CC01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058775Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:37.685{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7B05-619D-F636-01000000CC01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058774Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:37.670{B81B27B7-7B05-619D-F636-01000000CC01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058773Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:37.373{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4218E544A5FE41ED53D33AF00372353,SHA256=87A19DBACF9A2F65950ECF742866C088A094DC1913E3E645F14049BB66F4E121,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874602Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:37.314{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1449B2D582869C9A02A06F687349393D,SHA256=61EC2214B3E46EB568589D36B67997B333B315A1FDFFD474FF453FD35FB34141,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058804Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:38.670{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=627EB6A4F1CA7636DC1866B50DED1009,SHA256=89B7CCD4ABBF25EB3CD8F009E6C46884EC6BD6DE13A919532F6BEE1619048D4B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058803Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:38.670{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0B3493D9389F125AA2D869A3790B42C8,SHA256=E677AFCE334100B62C608B1B7CD2218A121D1D6F73D1FEFCA16C394A3FD61572,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058802Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:38.545{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C53DE35991A1BE594F7BBE0FF3E21CA,SHA256=F4ACFB3D99ED0FF38F73A3A9004266608564ECA13080C3751DF58D74CAA7681B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058801Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:38.529{B81B27B7-7B06-619D-F736-01000000CC01}58965528C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000115874606Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:38.476{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=181EF59A697B4CD261ABB7FB2E8C7F98,SHA256=40886048F58AF5B396712DE8252548995FD4F6389C3E00B3A3C6C35B9297A83D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058800Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:38.373{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7B06-619D-F736-01000000CC01}5896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058799Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:38.373{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058798Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:38.373{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058797Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:38.373{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058796Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:38.373{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058795Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:38.373{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058794Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:38.373{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058793Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:38.373{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058792Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:38.373{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058791Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:38.373{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058790Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:38.373{B81B27B7-28B0-6193-0500-00000000CC01}408528C:\Windows\system32\csrss.exe{B81B27B7-7B06-619D-F736-01000000CC01}5896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058789Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:38.373{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7B06-619D-F736-01000000CC01}5896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058788Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:38.358{B81B27B7-7B06-619D-F736-01000000CC01}5896C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000059058832Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.670{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7B07-619D-F936-01000000CC01}1188C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058831Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.670{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058830Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.670{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058829Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.670{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058828Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.670{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058827Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.670{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058826Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.670{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058825Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.670{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058824Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.670{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058823Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.670{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058822Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.670{B81B27B7-28B0-6193-0500-00000000CC01}408528C:\Windows\system32\csrss.exe{B81B27B7-7B07-619D-F936-01000000CC01}1188C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058821Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.670{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7B07-619D-F936-01000000CC01}1188C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058820Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.655{B81B27B7-7B07-619D-F936-01000000CC01}1188C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058819Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.560{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D0CD1D1227AC79028C6876E5BCCE75E7,SHA256=D3CCF196477B52E95F318052133A628D557373D39E3B7CD957960947F4A0377B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874607Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:39.509{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BAA6752AA2A221500E41C90C3145EBA0,SHA256=F9DBE353492084879B2EC94F3C67E5EBEB958A29E567786FB902CFF8A050D284,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058818Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.201{B81B27B7-7B07-619D-F836-01000000CC01}54124940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058817Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.060{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7B07-619D-F836-01000000CC01}5412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058816Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.060{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058815Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.060{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058814Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.060{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058813Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.060{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058812Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.060{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058811Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.060{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058810Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.060{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058809Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.060{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058808Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.060{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058807Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.060{B81B27B7-28B0-6193-0500-00000000CC01}408528C:\Windows\system32\csrss.exe{B81B27B7-7B07-619D-F836-01000000CC01}5412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058806Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.045{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7B07-619D-F836-01000000CC01}5412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058805Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:39.045{B81B27B7-7B07-619D-F836-01000000CC01}5412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000059058835Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:26.884{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58125-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058834Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:40.654{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3BFD946958B7A445FD0B593B8BADE24A,SHA256=80E6D15DEEAB94A2C43742CCEDA75A9BA210E33CF98D7EFFD37C4AA7EDE2B3F6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874609Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:40.527{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7ED6D509529CF20FF0838397F9E1C9D,SHA256=A6C4DF6C25D72373139DADC88DBFBC0BB30E45AC485689711A9A9C4BC3776ACD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058833Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:40.264{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=627EB6A4F1CA7636DC1866B50DED1009,SHA256=89B7CCD4ABBF25EB3CD8F009E6C46884EC6BD6DE13A919532F6BEE1619048D4B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874608Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:40.275{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=98FD714555DEC84C16691517C801B9CD,SHA256=DBC5633BDFC8F1D1B11EE05FAC49CC8567938FA2FB208E83B0D14597E3DE12A1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058836Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:41.670{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0583AE36F6084BF4DAAC37C2D36FB047,SHA256=63ED8400A58332087756BCF5496E0D0D92EB29B9AA2D1E262FE91CAF660345F1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874611Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:41.573{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B5733449CFA15CB62C7A937DAEFADDAE,SHA256=F9A83EB0FFF56334F57D264884F1696649CF70115E34D82CC453744E5424B933,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115874610Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:04.900{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61873-false10.0.1.12-8000- 23542300x800000000000000059058837Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:42.888{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30125C561F26793B5F9BD5525A1C9A00,SHA256=1888455B7610FD40A2702BF9BD64D326A1C635E555EB4243E1A2D5161229C45E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874612Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:42.609{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D99739B2B897E21DB2F526FD15659A32,SHA256=D885F63800580D7584354D2F7D5434E724D5E80E9466EBB6238453DED008A337,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874614Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:43.672{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=06C57DA6C0DB832814CD4436B9696A0E,SHA256=15A712B846B08CCF880C3B2F7F820CA366B5C6C9AC4817DF2F281DA5FBB7D008,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874613Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:43.641{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3DDEBFC37A8A3DE2AF045AF8A0A808F7,SHA256=6CCDF6345D613DEBB36E13772E8619FB6628EA1846527DDAAA6A03AA9B089126,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874615Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:44.642{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0A2D52F054E7FD81B614C08F8471725,SHA256=1353C0AA08CDBF68552564EC35B4A2DDFD73E030D4FED344CD145FA242C97BE7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058838Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:44.123{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3702F04809083F9854479E846F66F9F3,SHA256=3044E229C8B077AC416CAA458C5B4BD42F7C559D783FDA7293F452AF1742EB45,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874619Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:45.672{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FF8D2595534897F3DE5A98BD2D89E6D,SHA256=9A9607EE94A693760BFD36F641414A881AC646B86177246D0E7FB29D2A107A59,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058839Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:45.357{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=201BED431D4DD7E871C1AE758EA077A8,SHA256=025EBA1D782715CF5CEB12074B6FCB7B2318B234B530B3DE25B4D8BFA028E67B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x8000000000000000115874618Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:45.625{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-9799-6185-1500-00000000CC01}1236C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874617Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:45.625{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-9799-6185-1500-00000000CC01}1236C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874616Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:45.625{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-9799-6185-1500-00000000CC01}1236C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000115874622Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:46.704{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=69BEA355F1A48338C4E53FE1CF1CCE5A,SHA256=08C5BD3C56B52CBB927A74E3F5825B16992C8AEE37A17C2A61096A6EAF494F83,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058840Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:46.467{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F76C8D80D89CDE1EB1471EEB6B59E55B,SHA256=CA9E7B30F843BAA7CAEB4E916DD7E57B9C285ED3ECA7CCB945F9047CF5BD48A3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115874621Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:10.660{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61874-false10.0.1.12-8000- 23542300x8000000000000000115874620Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:46.025{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=538A19DCF3F3A0B418DBAFE7D080A1CE,SHA256=B6C2C3E72FE39F129768892C5F2C7EBA0F864864DF07E5DBD79B506AD4CB4084,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874623Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:47.722{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=95E68D43E9D89A5555204A11BE48477D,SHA256=EDF284FE4282B03B7BF1906E9FDC931B93459F8B285C91FD169D601B6E452D1A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058842Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:47.482{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=29D4EBEDF69A930DEFF7B4E6683804F9,SHA256=A57A03169BB8D485D40DE8879F91F47182147A62B8AA52F8A541C1378F9CC85F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058841Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:32.837{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58126-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x8000000000000000115874625Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:48.753{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8839BD818D3FAE0F8021212D52D80E6D,SHA256=DC65932FBA52174B01F9ABBF8B89BABC2552BD47DDCA8C7514CA5A44DD6F0116,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058843Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:48.487{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C71D123E2A64B67109183A913BBDE25A,SHA256=36DC51C9F2BA200B7848C443D9F6CA79D035C135B4D4A1931F46845096EF1538,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874624Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:48.685{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=350719388B4D646123AD672F17E0402C,SHA256=C53D42D0929D104789B59AE5992225BB175B1A142F2100546F2F72FAC2280815,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874626Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:49.783{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D91D15F5F63A5706DE016A325C1970D4,SHA256=77F9B2D07AE3F490DF0D427893E3A3065B9496F4297BA83DBC54EF49F62A5A72,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058844Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:49.487{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE22D40A96FEDC6FC08F980DD9F35564,SHA256=507456567B5EB4FE42DAEBAF69DFB9C95F01069CDC4558A13F1632C0F2C7B31E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874627Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:50.820{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6647A9612B1A368DDEF649F149FEE20E,SHA256=C9502045681A815EE990CBB5D2788BB641C9DC100B8AE31346D9F433B0D5A7A2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058845Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:50.503{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC7A714A3C1C5289B3BF376EB27C5599,SHA256=56E22E68E0DE1D2C60B4F8948615E9C8F10FA9B4A53FBE3FADA1BAF5C4B3765E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874629Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:51.850{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2FFAE79D9F45ABA0DC06AB090535A1AB,SHA256=87DA0CB8C5E25631A03342F02C8DD3FC786B072FBBED49177FBDEFA63979D2B4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058846Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:51.518{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA8D6264EF2022D4E16CA072A7D37262,SHA256=DD965CFD3EFB291F2E138D8CD649B8984BB851EF3A359576646A964F76C60561,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874628Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:51.251{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E84F4614C47D906948461525F8FDF613,SHA256=82E682C0C3F827DB24E2C9C2509D2E068AC11536C091EE843355EDBE79B8BC76,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874630Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:52.880{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=603C9E6E52C51EE23CD105665D0626F5,SHA256=246ECFC6FED2FDDB20E69E7307223CF436564D88810BE9E6BDCACCF624069500,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058848Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:52.518{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=569601CE0077E78B6F4781F8732AB355,SHA256=89D5BD98089AFE448E880476FEF0034F29FC2B1F57873349590E919D8447A1A2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058847Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:37.905{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58127-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x8000000000000000115874632Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:53.880{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BE07DB4CC32E0E65CBEDC8788A2B71E,SHA256=F9800FB25E3C7435FD615BEC15A1ACBD967BDE9E2B59FE3FC8250825A53ECA5F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058849Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:53.534{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFF65E25B047846168A51ED5F9B8B54A,SHA256=231A77DF16FDDEDC121A09FBFF10779CE123767FD60B660FCC31DF21E2A0AB21,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115874631Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:15.877{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61875-false10.0.1.12-8000- 23542300x8000000000000000115874633Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:54.896{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BEFFA8125A53D5E30DFF16C58367D4A0,SHA256=DE7CB2CAE32F998FB07FC4D1611BC306CE2EC6064AE919C6A875A06E5285F6C0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058850Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:54.550{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D4F64DA99C9827742E06F9E90820A4E,SHA256=EE59141C92970056EBE573A8DEE412EAD7AD4C3993C8C30E3112D12234028B88,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874634Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:55.946{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5885A55B3D1CFFC9E9C7C1135BB9148B,SHA256=EF5459C185A69F2F08A15F3422C95C6A37D5B665F779995D12ED03C8DA226464,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058851Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:55.550{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D7EF70159F4F18827B9139109EA7DA4,SHA256=E7D02646D2055F1934ABA235FA207161C2CFE390D1E0CC8B6FE2E54DABA42878,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874637Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:56.976{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5BB44A3A57F415586EF2E71A6CB2575E,SHA256=8FDD291C71C478CDBC60A6D06CD27D6909C51A6740378CA381846050BB802101,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058852Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:56.565{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FE40FDE59D796BA1412AA47A6CC1DEB,SHA256=358566BB67E9EA3F5A186F5998095095F20D69E467991796798489EFCE894B2A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874636Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:56.277{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=74BEB733235C4FE7005BE30871A2F2B2,SHA256=A036BF6A21BD3EC9BA607679AE81E0226418D45D713FF7D6E94EE448DC613AB8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874635Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:56.277{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4009022F96412479A0CD8C34DCCB0343,SHA256=CF3BEC18557F3BEE43E638923AA48B3CC30DD6AE038CAD4831BBD5B682432825,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874639Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:57.994{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91918BA2D0EB267E89B180C1F6049068,SHA256=6B89142B922E8BB3AB868015C2C699354E7287B6357050932917FCAE518157A3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058853Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:57.565{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D569B0A7E1C7A36791A340136632A2B0,SHA256=332298ED6C5241B24150E5BB24CA025280E62902353471773EE61328AC3482C0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115874638Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:20.919{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61876-false10.0.1.12-8000- 23542300x800000000000000059058855Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:58.581{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F20AA18EB7379F1C5574611635EC5BBA,SHA256=0419C85ACE30B0E7BAEF01596E5BF087CB576914E73B2F9FD06E197FC9964AA7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058854Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:43.780{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58128-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058856Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:59.597{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6CC03288B2F9C5D5A7B7396B5974BAB3,SHA256=B192607577F16D42DAFFCFBFFA45746DB940A183DFC073C127A12727FCAB2FD5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874640Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:36:59.012{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=766984538394C909F9665E799C7A75A7,SHA256=DF4D016874CFB4E22591B739096795B5B31698711B38987CFFC0FE1353AE623B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058857Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:00.737{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F2E607D67927DF1F57053FB7B8DA076,SHA256=C43E3F41DC13B12800B69758C369C11EFDCF44CCD0770321C4CA87D322750C63,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874641Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:00.013{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1DA0AE38F8F7D30A8F7B247A3FD53D70,SHA256=18706210A4EC72FCAB29CA7CBF8DEC48F2CC9315BAAFA2CD59DB35E912F9FC35,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058858Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:01.753{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=660FA86268435DA2FEE6318A514A77DD,SHA256=CA7942C569980CC92CA20FCEB5F82FC13835A58CD7CBD9A9E42C96034799C6C3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874642Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:01.043{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0FCCE4A9694DA73E2FDC05DF9FFFFC1E,SHA256=BE85033203AFE308EBDBD28322339A0C0277D9120C797D74F4DE9FFF0A7314C4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874647Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:02.610{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\v9017qz8.default-release\datareporting\glean\db\data.safe.binMD5=213DEF9C79BEAAB50E1DDDA8C9D021F7,SHA256=BD71FA277442310D046021D1BB0EF2773D199C36D3C21353EC0930EAB0D18699,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115874646Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:26.768{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61877-false10.0.1.12-8000- 23542300x8000000000000000115874645Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:02.141{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B0C598BB69D0F446B02E5F1F83DB5B3F,SHA256=15D4D6E1FCF0DECB01B124576E9C3811D4812D741EB01DE0A622C0F4ACDD37EF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874644Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:02.141{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=74BEB733235C4FE7005BE30871A2F2B2,SHA256=A036BF6A21BD3EC9BA607679AE81E0226418D45D713FF7D6E94EE448DC613AB8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874643Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:02.057{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=346856B4D6E30A68989670167BDADF49,SHA256=092438C36092C37208ABA1C3F19C71F90DB46318175BA7DA94EC8122C175F629,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058860Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:48.811{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58129-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058859Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:03.003{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1436D4C35B6C1FD18AD4D91BC37E8B02,SHA256=3E98B051AD4133FBE359D082B5BDA49F39F3B0D25F1AFD5BC582E1E6AAA4A061,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874649Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:03.710{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B0C598BB69D0F446B02E5F1F83DB5B3F,SHA256=15D4D6E1FCF0DECB01B124576E9C3811D4812D741EB01DE0A622C0F4ACDD37EF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874648Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:03.091{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C12547DBD2FEBCF3D583BFCBB60B75C,SHA256=FE9C3E4A9B4D63AE1D72C106413256885B8A69607A1A6E02E81CF7942A3A008A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058888Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.347{B81B27B7-28B3-6193-2C00-00000000CC01}2332NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9D45E1BDB6F237A6CF51FFC6A12E6130,SHA256=87EEE278CDF62B2B86AF9CB87BDB04BAFB10272CEA175D83979B0C43158C5AB9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058887Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.331{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=416365ACAD722DB680555C247CB76FF5,SHA256=5EF36F9934A31CF9866B468167B760E3A11C798ABC07455D362B71F2528B3D82,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874651Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:04.610{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=DE423DBC13E0935E65544EBE19A4CEFA,SHA256=C7F4892840B26F0ACD64F5C947710CC6D2EC8F49F4DBA45EBC221EACEB64E481,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874650Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:04.126{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FAFE9C047F549893227F41412F605089,SHA256=8EC943789ED0EA790E695E619BE2CEE8F36E6B9DE15F178C1B61AD9CA348A7A8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058886Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.128{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BC-6193-7600-00000000CC01}4688C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058885Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.128{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BC-6193-7600-00000000CC01}4688C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058884Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.128{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BC-6193-7600-00000000CC01}4688C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058883Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.128{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BC-6193-7600-00000000CC01}4688C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058882Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.128{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BC-6193-7600-00000000CC01}4688C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058881Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.128{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BC-6193-7600-00000000CC01}4688C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058880Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.128{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BC-6193-7600-00000000CC01}4688C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058879Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.128{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BC-6193-7600-00000000CC01}4688C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058878Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.128{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BC-6193-7600-00000000CC01}4688C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058877Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.128{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058876Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.128{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058875Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.128{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058874Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.128{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058873Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.128{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058872Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.128{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058871Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.128{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058870Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.128{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058869Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.128{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058868Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.128{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058867Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.128{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058866Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.128{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058865Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.128{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058864Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.128{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BB-6193-7500-00000000CC01}3804C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058863Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.128{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BC-6193-7700-00000000CC01}4860C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058862Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.128{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BC-6193-7700-00000000CC01}4860C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058861Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.128{B81B27B7-28B1-6193-0E00-00000000CC01}824844C:\Windows\system32\svchost.exe{B81B27B7-28BC-6193-7700-00000000CC01}4860C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000059058889Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:05.378{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A484832E38DD8DB74EE2325748816BB,SHA256=BC6AC351A9A6D9F00BF09A5CB150D665E260610AB25ED3B10BE68C97CEDCB46F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874652Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:05.141{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2A9EF48314C07A49E68FD8F2D7161E1C,SHA256=F879F97BC2B3C2DB5190F55EB04823D0E25024C0EE6A2EF712D0F0E048CD8EC5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058891Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:52.014{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58130-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8089- 23542300x800000000000000059058890Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:06.440{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7069B4AC1C1B2278FF569453C90AA680,SHA256=73DFBB70DC7188C7F2B682CBC21D8ECDFD13B299F01AEBBF90AB9D670503640E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874654Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:06.171{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF18BF17ED2A32EDBEF914C165A5A4D3,SHA256=0EF3C34A12B2F174D88A4F88EEE0C9424B4E4FA21165624B5A4BA4F1BFB161C7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x8000000000000000115874653Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:06.009{3BF36828-9799-6185-0D00-00000000CC01}9046920C:\Windows\system32\svchost.exe{3BF36828-9799-6185-1600-00000000CC01}1272C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000059058893Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:07.659{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7708D56AAF625CB677AFE38D4CD8CF9,SHA256=9FE8F82E2D6313641557CCEE174969CFDADBC7B8587D4DC03460166E609D44FA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874655Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:07.188{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=662B9B5715898D955015F96559D15D22,SHA256=CDEE7469D7E975A532A34B1C83DAE5F1A2FFEEFEBDD5167267966221CE11B046,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058892Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:53.905{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58131-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058894Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:08.680{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=12406355597458DFEC9D490CA3CB0BB2,SHA256=43559AFB5B9C28E64DE62ECD3EBEAF7756C279E34CC5D8DCB1EDC0BD06E3672B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115874659Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.743{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61878-false10.0.1.12-8000- 23542300x8000000000000000115874658Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:08.207{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B89C10B8FEFF9D19468046F00BF4B3C8,SHA256=E2397D8691C84E5F2307FF92117D9A3D37594C9F6859721C4254515FECD9A7A8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874657Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:08.154{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=AA83FFC9E7D87B880E21E2FC0D7A2A84,SHA256=462BD4EF291972A677E67FD3D50E5167D430826F9EB874502C4EBDE4BFF68856,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874656Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:08.091{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9EB3EDB8158F91C2705EFE6756BAF2AB,SHA256=F13242D1FCC6ECBE78AF8D9ECC58AE92E0107EF3E9B7BEEF8BC9ADE9A6C0256B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058895Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:09.727{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6DC647D240F21B6A843F3A8FA01A222B,SHA256=EC9BA3CB76B9C5F62D143A6C116520B80B492390454C3D872D6EE056D391EF80,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874660Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:09.238{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CFB7E021C8555E3DD37718C02756E104,SHA256=074697A4FF1EBAD6DC343E7E07C1633405EB1CE91B7B6AEB31E623392732A85B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058896Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:10.775{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8E2C1A9F26151AC82C9C7C8EFDA8D6E,SHA256=61A0649A58B592964ED7D5E7BECEAC2EE07242784861224E3588C303C7A8CF20,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874661Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:10.252{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76A1286523F6E7466E40D0236BB22026,SHA256=4C84796845BDCF4E29A0A60549913DD0A3F243039647AA1F794003EC5A1386D3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874662Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:11.267{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A67CB8949E7A91E2E607EEB1CA2D1711,SHA256=D9A148767313B9A9A8F10A5878C0C0E219B83CB0D6D34477859F724099995853,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058897Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:12.022{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=12466394872540A3DA3D8744B3BB2F0B,SHA256=0EF219B12B53D39D25B6239E26E35BF88B16DCFA82566827EF0C2EFF74F7C1FD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874663Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:12.284{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=709BDCC5A72D27E213F3C15DD8F06565,SHA256=18DCFAB236EA944AB71327967668D691D0E89DB3BCCAFB766797ACAEB98477BB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058899Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:36:59.751{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58132-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058898Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:13.165{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C86A57B9F95D0FC6BCFED35BB595BD3,SHA256=F40C51A6B8FEFF0636BFE35D249190FA0C04C07538CFF56B53B1199C8369B079,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874664Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:13.304{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34B8C9E2C379EEAAC88D9CF3BC1EFB08,SHA256=432561C3CFCCD210581066CF1EADBB085358A2862EFF477CED23BFA5B49C5D57,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058900Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:14.243{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86502B3131316055F73A03FA9D467E3F,SHA256=2C37D9E6FAACB1FBB15E61BC3C570AB2F96B586307AF6E86B33CA10BF73A8338,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115874668Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:38.776{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61879-false10.0.1.12-8000- 23542300x8000000000000000115874667Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:14.334{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D303906B8253C3578A1706E48E2AE92,SHA256=B6BA6594432A7A73FC54E3A271BAC774200930D5FDA67C881B368F04935E151C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874666Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:14.150{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6857D03FBBF342A536101F9C9246A10F,SHA256=85389DD8349DCD8635DA2B3C6A59D120C0601D3EDE15A5CBB80D3231881A6919,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874665Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:14.150{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6A29269A4C95A9D34EEC31F723CC8E1B,SHA256=E6F23EA39AA361E60907C3AA74F57510642514B774FB312917B2A3D8A4025743,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058901Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:15.337{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C0F75CB2ADB335ABA48F2E221F7A03BB,SHA256=E6F6DBEB353107517F982CBAB6C0BD57A0781BA3DA178224CC1F2FC65037197B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874669Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:15.348{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=444137B4470AFC24D18D3E57DFCA2992,SHA256=B09DBC03D721A81F40556E933E5818558C81805CD9BE7EBA65783472510C8F5C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874670Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:16.401{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EDC701FCC3746229F3F3CA46C67DC808,SHA256=CE2F91F9C0F4B8E9845C7B8A90068FEEFB63DC9C9683360575280811F1885889,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058902Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:16.352{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13F473C46AAADB16B554EA7F91219601,SHA256=BB0DE9B89E46A9F9D92F34A6FA0CC4C0BAC71546E9F5F9A7F7C8174CD26A4AE6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874672Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:17.716{3BF36828-9799-6185-1100-00000000CC01}424NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=1056B8937022809B9F33F0BA898B071D,SHA256=602934A9F77FBC56792DBF6F15BCF14FA2CF54467E00B85BED1D3FC2F37FF066,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874671Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:17.432{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=951AB329DB5ADDF12EDA513C880281A3,SHA256=E7C2F2D699C5F30DE0BA974B4E4627D4AC7DF4C849EDD5C02329B82A4306BB90,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058924Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:17.587{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058923Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:17.587{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058922Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:17.587{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058921Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:17.587{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058920Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:17.587{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058919Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:17.587{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058918Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:17.587{B81B27B7-28B0-6193-0500-00000000CC01}408528C:\Windows\system32\csrss.exe{B81B27B7-7B2D-619D-FB36-01000000CC01}4024C:\Windows\system32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058917Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:17.587{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058916Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:17.587{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058915Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:17.587{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058914Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:17.587{B81B27B7-7B2D-619D-FA36-01000000CC01}58525996C:\Windows\system32\wbem\wmiprvse.exe{B81B27B7-7B2D-619D-FB36-01000000CC01}4024C:\Windows\system32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\wbem\cimwin32.dll+3adce|C:\Windows\system32\wbem\cimwin32.dll+3d475|C:\Windows\system32\wbem\cimwin32.dll+3ab15|C:\Windows\system32\wbem\cimwin32.dll+3b393|C:\Windows\system32\wbem\cimwin32.dll+3bb40|C:\Windows\SYSTEM32\framedynos.dll+20256|C:\Windows\SYSTEM32\framedynos.dll+218b5|C:\Windows\system32\wbem\wmiprvse.exe+1704a|C:\Windows\system32\wbem\wmiprvse.exe+1724f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274 154100x800000000000000059058913Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:17.593{B81B27B7-7B2D-619D-FB36-01000000CC01}4024C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXEC:\Windows/system32/rundll32.exe evil.dllC:\Windows\system32\ATTACKRANGE\Administrator{B81B27B7-7B2D-619D-4D48-BB0900000000}0x9bb484d0HighMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{B81B27B7-7B2D-619D-FA36-01000000CC01}5852C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding 10341000x800000000000000059058912Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:17.555{B81B27B7-28B1-6193-0C00-00000000CC01}6446004C:\Windows\system32\lsass.exe{B81B27B7-7B2D-619D-FA36-01000000CC01}5852C:\Windows\system32\wbem\wmiprvse.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058911Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:17.555{B81B27B7-28B1-6193-0C00-00000000CC01}6446004C:\Windows\system32\lsass.exe{B81B27B7-7B2D-619D-FA36-01000000CC01}5852C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058910Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:17.540{B81B27B7-28B2-6193-1600-00000000CC01}1108880C:\Windows\system32\svchost.exe{B81B27B7-7B2D-619D-FA36-01000000CC01}5852C:\Windows\system32\wbem\wmiprvse.exe0x101541C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+20fee|C:\Windows\system32\wbem\wmiprvsd.dll+43f7|C:\Windows\system32\wbem\wmiprvsd.dll+15538|C:\Windows\system32\wbem\wmiprvsd.dll+1498a|C:\Windows\system32\wbem\wmiprvsd.dll+146e6|C:\Windows\system32\wbem\wmiprvsd.dll+140fe|C:\Windows\system32\wbem\wbemcore.dll+2227|C:\Windows\system32\wbem\wbemcore.dll+13f4|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058909Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:17.524{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-7B2D-619D-FA36-01000000CC01}5852C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058908Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:17.509{B81B27B7-28B0-6193-0500-00000000CC01}408528C:\Windows\system32\csrss.exe{B81B27B7-7B2D-619D-FA36-01000000CC01}5852C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058907Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:17.509{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-7B2D-619D-FA36-01000000CC01}5852C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058906Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:17.493{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B1-6193-0C00-00000000CC01}644C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058905Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:17.493{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B1-6193-0C00-00000000CC01}644C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058904Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:17.493{B81B27B7-28B1-6193-0C00-00000000CC01}6446004C:\Windows\system32\lsass.exe{B81B27B7-28B2-6193-1600-00000000CC01}1108C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000059058903Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:17.368{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B42A450794C4CABA1F7BF398879F4C23,SHA256=98C0848EE2BE10EB9AFE0FBE8714B7FCCC59F9C972562829883A81CE7EFCDBCD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058932Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:05.158{B81B27B7-28B2-6193-1600-00000000CC01}1108C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14-61882-false10.0.1.15win-host-987.attackrange.local49668- 354300x800000000000000059058931Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:05.154{B81B27B7-28B1-6193-0C00-00000000CC01}644C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58134-false10.0.1.14-49672- 354300x800000000000000059058930Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:05.151{B81B27B7-28B1-6193-0E00-00000000CC01}824C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse10.0.1.14-61881-false10.0.1.15win-host-987.attackrange.local135epmap 354300x800000000000000059058929Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:05.150{B81B27B7-28B1-6193-0E00-00000000CC01}824C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse10.0.1.14-61880-false10.0.1.15win-host-987.attackrange.local135epmap 354300x800000000000000059058928Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:04.817{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58133-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058927Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:18.602{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=186D23A1E68431A8ABA438BF9008A6AB,SHA256=D0E4B9C07EDBEEAECBFAF7B1BF3EE88BE7031510E99A08053B3E17F03BCC120A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115874681Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:43.136{3BF36828-47A9-619D-74CA-02000000CC01}7544C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-128.attackrange.local61882-false10.0.1.15ip-10-0-1-15.us-west-2.compute.internal49668- 354300x8000000000000000115874680Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:43.132{3BF36828-9797-6185-0B00-00000000CC01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.15ip-10-0-1-15.us-west-2.compute.internal58134-false10.0.1.14win-dc-128.attackrange.local49672- 354300x8000000000000000115874679Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:43.129{3BF36828-9799-6185-0D00-00000000CC01}904C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcptruefalse10.0.1.14win-dc-128.attackrange.local61881-false10.0.1.15ip-10-0-1-15.us-west-2.compute.internal135epmap 354300x8000000000000000115874678Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:43.128{3BF36828-9799-6185-0D00-00000000CC01}904C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcptruefalse10.0.1.14win-dc-128.attackrange.local61880-false10.0.1.15ip-10-0-1-15.us-west-2.compute.internal135epmap 354300x8000000000000000115874677Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:43.125{3BF36828-97A9-6185-3200-00000000CC01}2360C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruefalse10.0.1.14win-dc-128.attackrange.local61742-false10.0.0.2ip-10-0-0-2.us-west-2.compute.internal53domain 354300x8000000000000000115874676Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:43.125{3BF36828-9799-6185-1400-00000000CC01}1056C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local61776-true0:0:0:0:0:0:0:1win-dc-128.attackrange.local53domain 23542300x8000000000000000115874675Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:18.500{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6857D03FBBF342A536101F9C9246A10F,SHA256=85389DD8349DCD8635DA2B3C6A59D120C0601D3EDE15A5CBB80D3231881A6919,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874674Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:18.482{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=84962CAC512DCE17D0ABFFF8A58666CC,SHA256=E7C777E47EBE33018637936D4ECC65A3647E7107A8DF1CAAE4514CF18A739744,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874673Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:18.462{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66F0918660B6C778F529792791504753,SHA256=42939CE38ECE3D288E890ECF18DF3AAD131FF0F6B89026250E3FF2D6171DBDF6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058926Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:18.509{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A4D8E196CF4D7DA119B70DCB993B8F18,SHA256=CA3AC41E573CE81028D169DAF7EBC4FEA3CD034EEACB3B58569A815D6073E822,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058925Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:18.509{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A78C05A7CBB1653A6BCD138BE0B440C3,SHA256=A627757F55F64EABDE8D34B9846B3D563876B04DD79B01EEB2E0051B35833C49,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058933Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:19.618{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=795709CAECF2FE1E9D5D6BD8E7F29316,SHA256=F9F9B1B54F7944988621CFCCD15680D1212E0B44BC9F4C077DFD5B37E9CBFCD7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115874684Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:43.835{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61883-false10.0.1.12-8000- 23542300x8000000000000000115874683Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:19.530{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=61FE714FA35FCB510F308826309A92C5,SHA256=2FB2CA6B890ED4F68C7F7A95A366B63C0DCF64B1986C17B9B3131003CEA20D15,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874682Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:19.481{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E72BFD2BB3234B957BDA5E9A9FAD20C8,SHA256=08232EFEA3137C5A7A954DAE9EE941280C015503C2B7EC5C0966DE36E4035DDF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058934Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:20.837{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=07C2FBF73FC662A263D1B312EEE5191D,SHA256=DC69F4D190E8A1CC8048290EC60160586C5DF56B65BB25B33723C654CC9712A0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874685Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:20.514{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E3846F49BB9CDA36FF66DD99E971F9C0,SHA256=A06BAA07ACCA02385A1BEDE5F271567220F37F2D10F70200394CBE955B34C7E3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058935Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:21.852{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7CF63371029B146AB2AC5B0C463CFA8F,SHA256=1C34150244E06DAF2A4DDD943CC087FCC50CCCE9BE76A285748A1BB1B527073F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874687Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:21.612{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F3F68E8B104C5D8738226DA6F555E550,SHA256=D39D42BDFCB90BF1B26B345DB9F73F0E945285AF0A1A3CB9A6E972849810264B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874686Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:21.060{3BF36828-989D-6185-BF00-00000000CC01}2968NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9D45E1BDB6F237A6CF51FFC6A12E6130,SHA256=87EEE278CDF62B2B86AF9CB87BDB04BAFB10272CEA175D83979B0C43158C5AB9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058936Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:22.868{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ADAC7E6B0A71F3FE9830B53A71F9BBC1,SHA256=60F23B460F81B99667BF6B5C639BD41AC00112FCBC81DB504A7AF482DE1C39D7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115874690Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:46.702{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61884-false10.0.1.12-8089- 23542300x8000000000000000115874689Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:22.627{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=864A7186F188E785A4A7E4D77235770E,SHA256=C32A6F5D2272EE6906337206854C2E3C5B697028DD2094B41BCEEEBE9EF0A0F7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874688Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:22.113{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2E5A86AA21617D70CFE9D96B1BFA5401,SHA256=ABA6B684C73187D28E20CAFCE8C5239B6E325E149BCFD75AB6C525B38CFEE1B4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874692Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:23.726{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=73E50F6169C37E7CF82FEBE0B5B58E02,SHA256=D60AAFA96BE2A034F0E4B89DE6CED3DADB8365D068B942C44AA42416750CF287,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874691Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:23.641{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1523844EBE3124EDE0DA1A608D703C22,SHA256=FFBA6E033A7294762189FDB54580199A6344F58ACD0AAEF28DA52F2810489B0D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058938Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:23.884{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20C5BED77AECBCA3A530C5C0656C6EC7,SHA256=600529661A48001E113A410E89B4833182AB6F751A260BC80A6F70D8087F412F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058937Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:23.134{B81B27B7-28B2-6193-1300-00000000CC01}364NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=D91373FB2348AC9620FC9452D22EB6D6,SHA256=5AFF6F8F63F0FF22C2C1956E3DF9D8EB2E5F217436C330A18830CD01F20BE8C0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874693Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:24.674{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA0115C5B03179523D1D79DCB4BBA22C,SHA256=2CC52DAE7417B0769AFB96516FF3DB5DFD3BEF9D822F3AF4C8C62C493465BB0D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058940Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:10.723{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58135-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000059058939Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:24.884{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2AE88EF84462FF0392C02624DD6A18FC,SHA256=8E585EDB91D1DC5C69D42A47A83269069EA0009DF8BB37F56644BBB8B54A120D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058941Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:25.884{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0B5BDB967B51859C6715C5826089676,SHA256=A22DB3F18D31CCBE170A4E132EAA287DFFD5A723787C9782959C4B290FDADD3D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874696Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:25.709{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=030C37AAA2FD19555C933FDD94ECC37C,SHA256=AB8FFDC4A5F70FD558B5515C50B3EB89EF3B9AB59CF1FEB099A7C946EF4C9F57,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874695Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:25.075{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DC7A8FDE246C315D1319748ECBCE3763,SHA256=CB91EC7145560DD2FE88B227D9BE6E17C4F0324DA4A532A26FED5CC6137D4A82,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874694Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:25.040{3BF36828-8A4E-6195-DEE0-01000000CC01}3124ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\v9017qz8.default-release\datareporting\glean\db\data.safe.binMD5=ECCD3654382AFD76A5D35A94D5C48BE6,SHA256=5CD9E4CAC84BE880663B873DF708B342D5A0BED578F36AF0A2A8E617767F3072,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058942Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:26.899{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=15881692C732B602565D39D0224F24C0,SHA256=84210FCEC6629DBEEC8D6E6D6E3F9EDF1A0316436154DF5101940AF25D71651D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874698Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:26.739{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=83DD3AA5D1705F793E25401BF0E02271,SHA256=22928974F7D76F050910FB9637082E66CB8F0C8849B3915EBE6B64517DDDDE1A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000115874697Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:49.714{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61885-false10.0.1.12-8000- 23542300x800000000000000059058956Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:27.906{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=008FA5E262A999A0E72E9C110468D025,SHA256=1C3E0A5F9F89723FB18154897241C6456A42B885C9612AEF62E0241388C9B83D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874699Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:27.771{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B1FF7D0DCEEBC0F0BACFEF54D44541B,SHA256=CC5915650569E849723CB8BDE81D4FFC6E61567862530513C26BCCC909FF7C53,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058955Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:27.541{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7B37-619D-FC36-01000000CC01}2540C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058954Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:27.541{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058953Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:27.541{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058952Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:27.541{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058951Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:27.541{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058950Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:27.541{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058949Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:27.541{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058948Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:27.541{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058947Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:27.541{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058946Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:27.541{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058945Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:27.541{B81B27B7-28B0-6193-0500-00000000CC01}408528C:\Windows\system32\csrss.exe{B81B27B7-7B37-619D-FC36-01000000CC01}2540C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058944Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:27.541{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7B37-619D-FC36-01000000CC01}2540C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058943Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:27.525{B81B27B7-7B37-619D-FC36-01000000CC01}2540C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058985Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.922{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F2A5E1A574D6F6D92A488BB077344794,SHA256=BD334A0E157178BC835445F8961DF44ADEFC39B3679AC05569E8BB30FAB43963,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058984Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.922{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7B38-619D-FE36-01000000CC01}664C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058983Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.922{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058982Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.922{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058981Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.922{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058980Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.922{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058979Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.922{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058978Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.922{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058977Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.922{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058976Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.922{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058975Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.922{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058974Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.922{B81B27B7-28B0-6193-0500-00000000CC01}408528C:\Windows\system32\csrss.exe{B81B27B7-7B38-619D-FE36-01000000CC01}664C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058973Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.922{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7B38-619D-FE36-01000000CC01}664C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058972Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.907{B81B27B7-7B38-619D-FE36-01000000CC01}664C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000115874701Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:28.807{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F4709D6ED865547CFBE818354BB0F2F,SHA256=C7659A2418D863D770A685C907E4D6876F805750110BDCA66BF7EC092B9913F7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058971Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.531{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F9994003AD14C8D0BB78ABE69CA97A60,SHA256=40F7CFB8A978F8C3D255808623D6217240DC038869D519C4955B52CE75C2BF24,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058970Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.531{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A4D8E196CF4D7DA119B70DCB993B8F18,SHA256=CA3AC41E573CE81028D169DAF7EBC4FEA3CD034EEACB3B58569A815D6073E822,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058969Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.234{B81B27B7-28B4-6193-3100-00000000CC01}31203140C:\Windows\system32\conhost.exe{B81B27B7-7B38-619D-FD36-01000000CC01}1180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058968Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.234{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058967Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.234{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058966Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.234{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058965Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.234{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058964Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.234{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058963Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.234{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058962Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.234{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058961Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.234{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058960Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.234{B81B27B7-28B1-6193-0D00-00000000CC01}7522164C:\Windows\system32\svchost.exe{B81B27B7-28B3-6193-2B00-00000000CC01}2324C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000059058959Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.219{B81B27B7-28B0-6193-0500-00000000CC01}408424C:\Windows\system32\csrss.exe{B81B27B7-7B38-619D-FD36-01000000CC01}1180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000059058958Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.219{B81B27B7-28B3-6193-2C00-00000000CC01}23323408C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-7B38-619D-FD36-01000000CC01}1180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000059058957Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:28.219{B81B27B7-7B38-619D-FD36-01000000CC01}1180C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-28B1-6193-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000115874700Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:28.708{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4BC422A50C98946C2609A3DCB905F9DF,SHA256=55C672C28E2038C983872B6152D425B90955E34E49A3EDF583DCBDEECCA0C7A2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874702Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:29.821{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91EBC001ADEC963077B954D4464C6A7B,SHA256=6596F0A03A2FC8BB9E8B8F5A553871315DE0C52BCF3DA32A3ABBE65DD79CF1EE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058987Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:29.937{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F9994003AD14C8D0BB78ABE69CA97A60,SHA256=40F7CFB8A978F8C3D255808623D6217240DC038869D519C4955B52CE75C2BF24,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000059058986Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:29.062{B81B27B7-7B38-619D-FE36-01000000CC01}6642932C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{B81B27B7-28B3-6193-2C00-00000000CC01}2332C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000115874705Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:54.848{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61886-false10.0.1.12-8000- 23542300x8000000000000000115874704Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:30.869{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E249C262CB487169A287F7C9A0ED1BD,SHA256=1B877624CC94AA800C5550529CE18EC555B8E8DDD4DC9C726352678BB4F0591C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058989Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:30.094{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=62700DCD0FCBC19316CCBB533F6D3BBC,SHA256=70B522A2CA12E87E818676E24FFAFB5470A2F380D5D510179E9345A77FC7FEE3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874703Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:30.206{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AEE88240B6D3FA97AD4DD3F076684254,SHA256=D6163D3C62F305689DFE531444805BF528C59F0CDC7AFDC293196E68EEE49E2B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000059058988Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:15.824{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58136-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x8000000000000000115874706Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:31.889{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39D8BC42CF2F909EFDC8EA7AAF8DBDEE,SHA256=160FF20AE6EC10F5E2FC7587C0632F7AFA3F0F1D00D9304A83D1AB50D9E7027B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058990Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:31.328{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6F6EF7079D0C284C3CBCF1C0983C759B,SHA256=5EB927E6B6DC57060F800ABA71BEC4BC4DBBF3D153D85BCDA96FA5D847E45BCF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058991Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:32.469{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=95A4765DB3139E421FA1C0ADE9498A69,SHA256=967179931D6229B9A5972BA14561780498EC5ADA718630CBCCDF1B3B593AEC83,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115874805Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.919{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115874804Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.919{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115874803Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.919{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115874802Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.919{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115874801Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.904{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115874800Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.904{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115874799Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.904{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115874798Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.904{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115874797Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.904{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000115874796Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.904{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115874795Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.904{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115874794Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.904{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115874793Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.904{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115874792Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.888{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115874791Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.888{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115874790Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.888{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115874789Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.888{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115874788Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.888{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115874787Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.888{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115874786Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.888{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115874785Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.888{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115874784Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.888{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115874783Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.888{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115874782Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.888{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x8000000000000000115874781Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.888{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115874780Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.888{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115874779Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.888{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115874778Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.888{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115874777Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.888{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115874776Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.888{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115874775Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.888{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115874774Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.888{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115874773Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.888{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115874772Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.888{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115874771Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.872{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874770Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.872{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x8000000000000000115874769Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.872{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115874768Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.872{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115874767Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.872{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115874766Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.872{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874765Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.872{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x8000000000000000115874764Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.872{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874763Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.872{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874762Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.872{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874761Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.872{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874760Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.872{3BF36828-9797-6185-0500-00000000CC01}420536C:\Windows\system32\csrss.exe{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115874759Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.872{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115874758Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.867{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 734700x8000000000000000115874757Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.404{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000115874756Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.404{3BF36828-7B3C-619D-92D0-02000000CC01}3765704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115874755Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.404{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115874754Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.404{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000115874753Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.220{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115874752Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.220{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115874751Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.220{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115874750Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.220{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115874749Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.220{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115874748Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.220{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115874747Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.220{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115874746Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.220{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115874745Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.220{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115874744Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.220{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115874743Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115874742Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115874741Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115874740Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115874739Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115874738Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874737Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115874736Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115874735Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000115874734Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115874733Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115874732Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115874731Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115874730Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115874729Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115874728Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115874727Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115874726Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115874725Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115874724Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115874723Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115874722Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115874721Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115874720Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115874719Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x8000000000000000115874718Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115874717Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115874716Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115874715Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874714Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x8000000000000000115874713Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874712Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874711Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874710Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874709Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-9797-6185-0500-00000000CC01}420536C:\Windows\system32\csrss.exe{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115874708Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.204{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115874707Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:32.189{3BF36828-7B3C-619D-92D0-02000000CC01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000059058993Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:33.687{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E93AF22D2A712587D1DAB90D6FE67273,SHA256=48A7188D2BB6FBF259B631F7B0649B8485DF65216B2BE89D2EAF1FA5CA6B188C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874864Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.904{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C5DA3F9DA6EF0FA68C2617F2D5776E1,SHA256=B06BD0E3DE3383B6F32464803F4162F9A7AED7C9E1F256302EBD21949D73F81C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115874863Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.720{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000115874862Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.720{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115874861Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.720{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x8000000000000000115874860Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.604{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64166EF1CE9E0A92482DDAB71D08C041,SHA256=0C82AB090E1C5258C1D15C972BE4BB74C9FF4D8541EAC98BEABA9FBC220A5674,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115874859Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.571{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115874858Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.571{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115874857Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.570{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115874856Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.569{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115874855Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.568{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115874854Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.568{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115874853Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.567{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115874852Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.566{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 23542300x800000000000000059058992Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:33.469{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BCFC40D497983F6E90404785E288B6C2,SHA256=C0E1CDEBE752297159583A0D6AE1D5CAFEA9C282C71222C9127CF02D439A74A3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115874851Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115874850Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115874849Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115874848Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115874847Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115874846Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115874845Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115874844Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115874843Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115874842Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874841Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115874840Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115874839Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115874838Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000115874837Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115874836Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115874835Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115874834Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115874833Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115874832Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115874831Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115874830Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115874829Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115874828Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115874827Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x8000000000000000115874826Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115874825Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115874824Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x8000000000000000115874823Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115874822Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115874821Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115874820Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874819Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x8000000000000000115874818Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874817Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874816Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874815Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874814Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-9797-6185-0500-00000000CC01}420436C:\Windows\system32\csrss.exe{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115874813Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.551{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115874812Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.536{3BF36828-7B3D-619D-94D0-02000000CC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000115874811Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.204{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EF7C5C043FD50055249399E504A15499,SHA256=805C29A7F6F96E7500C62142F3443DBF39F4EF80BAE76D73A17AAA3593449342,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874810Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.088{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=38A714702D9A60B9CE6F88B29BF7F54C,SHA256=F04D9727EC71923056F014398A919DAE2F50842BA7AF5ECA5959F29ED200C2A2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000115874809Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.088{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B18DCCB1173FD0A4285268BC1362DB33,SHA256=0DCCB1374613835B192C88328ECF61947713BEFCECE4B32429ED2A27EF15931C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x8000000000000000115874808Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.073{3BF36828-7B3C-619D-93D0-02000000CC01}13403780C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115874807Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.073{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115874806Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:33.073{3BF36828-7B3C-619D-93D0-02000000CC01}1340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000059058994Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:34.922{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1AF1FE66CE6BF89CDCD1AFDCF783414C,SHA256=7616C2B9C7DB93F6D422A278DFB98EE935A6784E4911DF336C700EEB236B6565,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115874964Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.951{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115874963Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.951{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115874962Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.951{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115874961Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.951{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115874960Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.951{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115874959Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.951{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115874958Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.951{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115874957Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.951{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115874956Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115874955Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115874954Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115874953Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115874952Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115874951Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115874950Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115874949Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115874948Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115874947Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874946Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115874945Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115874944Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000115874943Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115874942Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115874941Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115874940Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115874939Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115874938Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115874937Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115874936Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115874935Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115874934Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115874933Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115874932Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115874931Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115874930Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x8000000000000000115874929Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115874928Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115874927Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115874926Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874925Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x8000000000000000115874924Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874923Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874922Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874921Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874920Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-9797-6185-0500-00000000CC01}420536C:\Windows\system32\csrss.exe{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115874919Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.935{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115874918Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.921{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000115874917Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.535{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9C55AB5261473FAF03748ED371519775,SHA256=79DBAD0CF7A7063B6D139B73BDD49BD078744825AF86A427B972C379ED350F24,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115874916Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.435{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000115874915Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.435{3BF36828-7B3E-619D-95D0-02000000CC01}1068364C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115874914Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.419{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115874913Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.419{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000115874912Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.273{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115874911Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.273{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115874910Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.273{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115874909Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.273{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115874908Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.273{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115874907Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.273{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115874906Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.273{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115874905Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.272{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115874904Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115874903Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115874902Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115874901Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115874900Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115874899Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115874898Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115874897Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115874896Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115874895Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874894Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115874893Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000115874892Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115874891Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115874890Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115874889Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115874888Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115874887Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115874886Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115874885Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115874884Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115874883Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115874882Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115874881Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115874880Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x8000000000000000115874879Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115874878Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115874877Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x8000000000000000115874876Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115874875Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115874874Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115874873Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874872Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25trueSplunk, Inc.Valid 10341000x8000000000000000115874871Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874870Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874869Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874868Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874867Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-9797-6185-0500-00000000CC01}420412C:\Windows\system32\csrss.exe{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115874866Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.251{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115874865Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:34.236{3BF36828-7B3E-619D-95D0-02000000CC01}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000059058995Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:20.933{B81B27B7-28BE-6193-7E00-00000000CC01}5272C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58137-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x8000000000000000115875026Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.920{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B5DB6FE34088789A4B5AC77B5B092522,SHA256=D766BE830E0FDB7D0D4514581B204DF80542CE1F35C8D434E93630004111ACC5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115875025Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.788{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000115875024Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.788{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115875023Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.788{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x8000000000000000115875022Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.669{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E747C134A5FCF60B3A6912E07F77146,SHA256=EB548C64657297715F8AFC9CED69946E687A3BFC69C705C084AB3E84730604B1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115875021Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.635{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115875020Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.635{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115875019Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.635{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115875018Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.635{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115875017Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.635{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115875016Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.635{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115875015Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.635{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115875014Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.635{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115875013Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x8000000000000000115875012Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115875011Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115875010Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115875009Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115875008Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115875007Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115875006Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115875005Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115875004Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115875003Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115875002Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115875001Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115875000Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115874999Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115874998Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115874997Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115874996Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874995Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115874994Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115874993Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115874992Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000115874991Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x8000000000000000115874990Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115874989Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115874988Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x8000000000000000115874987Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x8000000000000000115874986Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x8000000000000000115874985Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x8000000000000000115874984Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115874983Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115874982Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x8000000000000000115874981Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115874980Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115874979Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115874978Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115874977Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 10341000x8000000000000000115874976Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874975Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874974Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874973Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115874972Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-9797-6185-0500-00000000CC01}420436C:\Windows\system32\csrss.exe{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115874971Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.620{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115874970Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.605{3BF36828-7B3F-619D-97D0-02000000CC01}7416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 734700x8000000000000000115874969Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.135{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000115874968Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.135{3BF36828-7B3E-619D-96D0-02000000CC01}35646952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115874967Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.135{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115874966Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.135{3BF36828-7B3E-619D-96D0-02000000CC01}3564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x8000000000000000115874965Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:35.051{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=43A7FDB1DF04FBD220B7C1494575BCC8,SHA256=CD0355C755327EB26FBD6220BC18C7DB64C27B75F5E6FB6CEF0FC3429F575471,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000059058996Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-23 23:37:36.000{B81B27B7-28C5-6193-8A00-00000000CC01}5780NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40D64F1C0F0F4884A666EB23131E910D,SHA256=FBA69E8B28DDA604F7B71D044D56BA741C43CB21673E3294511B62B68499F341,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000115875078Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.504{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000115875077Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.504{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000115875076Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.504{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000115875075Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.319{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000115875074Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.319{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000115875073Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.319{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000115875072Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.319{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000115875071Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.319{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000115875070Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.319{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000115875069Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.319{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000115875068Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000115875067Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000115875066Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000115875065Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000115875064Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000115875063Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000115875062Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000115875061Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018trueMicrosoft WindowsValid 734700x8000000000000000115875060Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000115875059Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000115875058Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000115875057Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000115875056Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000115875055Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000115875054Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000115875053Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000115875052Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000115875051Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000115875050Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000115875049Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000115875048Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000115875047Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000115875046Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000115875045Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000115875044Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x8000000000000000115875043Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000115875042Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000115875041Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115875040Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x8000000000000000115875039Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000115875038Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000115875037Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000115875036Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000115875035Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x8000000000000000115875034Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115875033Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115875032Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115875031Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-9799-6185-0C00-00000000CC01}844988C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000115875030Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-9797-6185-0500-00000000CC01}420436C:\Windows\system32\csrss.exe{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000115875029Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.304{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000115875028Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.289{3BF36828-7B40-619D-98D0-02000000CC01}428C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000115875027Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-23 23:37:36.020{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5EB2509997A9BA4713780F8AE9529863,SHA256=8F2B1A4CB77AB95922FFE1A46A6F4DEBC93B48A24E873E0007B45FFA29638B09,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space