23542300x8000000000000000107409016Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:30:56.492{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C08771788FEFEAE72512264C16FFBE20,SHA256=6395DFAB5CC24AC0D4F4A321BEB80260612FF3EC721CE92E9EF6A6894C0D0B74,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000055905352Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:56.389{B81B27B7-F668-6183-3000-00000000CA01}32323252C:\Windows\system32\conhost.exe{B81B27B7-A4D0-618E-B342-01000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905351Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:56.389{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905350Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:56.389{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905349Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:56.389{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905348Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:56.389{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905347Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:56.389{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905346Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:56.389{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905345Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:56.389{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905344Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:56.389{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905343Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:56.389{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905342Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:56.389{B81B27B7-F665-6183-0500-00000000CA01}412428C:\Windows\system32\csrss.exe{B81B27B7-A4D0-618E-B342-01000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000055905341Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:56.389{B81B27B7-F667-6183-2200-00000000CA01}17483236C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-A4D0-618E-B342-01000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000055905340Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:56.374{B81B27B7-A4D0-618E-B342-01000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-F665-6183-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{B81B27B7-F667-6183-2200-00000000CA01}1748C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000107409017Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:30:57.617{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=99D6B30FAF8540059CA5117CEEF4DC9A,SHA256=FBB5EAABA393FD83CD70D65D0B5442F3FA4A3DF1CDE47983D425B6246A17DEB7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905369Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:57.404{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B360EF509D233EE5E76A6854AD5DFDED,SHA256=046E3CDF3466A4593CA31093E5394C64619B32F300FF0815A1551763E4BD964A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905368Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:57.404{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B62D506A8864B9AAD5470B220EB23970,SHA256=4B68357802421B45D13334B459CA368C59AC623DA7D0DA5832BB9912BAD5E91B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000055905367Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:57.186{B81B27B7-A4D0-618E-B442-01000000CA01}32405432C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{B81B27B7-F667-6183-2200-00000000CA01}1748C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000055905366Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:57.076{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=49035883837012815F1BED29FF4BFFE8,SHA256=2B8ED07A5620231CB66EAA52AF6C9D90ABC7DC25CE3FF236353791E01C0A24A0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000055905365Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:57.014{B81B27B7-F668-6183-3000-00000000CA01}32323252C:\Windows\system32\conhost.exe{B81B27B7-A4D0-618E-B442-01000000CA01}3240C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905364Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:56.998{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905363Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:56.998{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905362Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:56.998{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905361Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:56.998{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905360Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:56.998{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905359Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:56.998{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905358Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:56.998{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905357Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:56.998{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905356Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:56.998{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905355Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:56.998{B81B27B7-F665-6183-0500-00000000CA01}4122712C:\Windows\system32\csrss.exe{B81B27B7-A4D0-618E-B442-01000000CA01}3240C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000055905354Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:56.998{B81B27B7-F667-6183-2200-00000000CA01}17483236C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-A4D0-618E-B442-01000000CA01}3240C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000055905353Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:56.983{B81B27B7-A4D0-618E-B442-01000000CA01}3240C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-F665-6183-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{B81B27B7-F667-6183-2200-00000000CA01}1748C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000107409018Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:30:58.695{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DAA2E5061686833113B9529031C8C432,SHA256=76FFA80ED316D9D291BFA4848199F09687C8450015E2F2E11F015258DBB75BB8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905370Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:58.139{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=799C77A3D1BC25B239BF23EC4B1412EB,SHA256=9FED17EA59A69AF2B2D23E482FBCA23550372CFFF1DA7932985E9622358DF9E6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000055905372Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:38.654{B81B27B7-F671-6183-6900-00000000CA01}4040C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local62964-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000055905371Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:59.357{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8149C79E138D23C58CF8481D9ACD9018,SHA256=541ED2A24AF0250683C757965A0E548F9000220697BBED013FF6280444401A2E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409019Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:30:59.695{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3436C2891641592764910CB67D481E8B,SHA256=3DDA2AB96CCB408E8BDEB79BC288375042DDFF80AB7FF573E9B0B69F2F4680BD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000107409023Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:08.478{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61639-false10.0.1.12-8000- 23542300x8000000000000000107409022Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:00.695{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F4737876103A14CEBA8C0740B4B12D0,SHA256=7651E3FCBC0FBC00506FB2A5396C2498EB436C76CD416366673220835B3162A1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000055905402Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.967{B81B27B7-A4D4-618E-B642-01000000CA01}4772968C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{B81B27B7-F667-6183-2200-00000000CA01}1748C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905401Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.779{B81B27B7-F668-6183-3000-00000000CA01}32323252C:\Windows\system32\conhost.exe{B81B27B7-A4D4-618E-B642-01000000CA01}4772C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905400Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.779{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905399Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.779{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905398Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.779{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905397Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.779{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905396Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.779{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905395Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.779{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905394Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.779{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905393Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.779{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905392Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.779{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905391Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.779{B81B27B7-F665-6183-0500-00000000CA01}412532C:\Windows\system32\csrss.exe{B81B27B7-A4D4-618E-B642-01000000CA01}4772C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000055905390Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.779{B81B27B7-F667-6183-2200-00000000CA01}17483236C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-A4D4-618E-B642-01000000CA01}4772C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000055905389Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.764{B81B27B7-A4D4-618E-B642-01000000CA01}4772C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-F665-6183-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{B81B27B7-F667-6183-2200-00000000CA01}1748C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000055905388Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.436{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=163A4D030DD15BBFC0B994F263E8307D,SHA256=02FCF1BDE7BC4C99B2D81AB517E0B9FCD3C3AA8F7D86189A17EF2437318F4976,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000055905387Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.326{B81B27B7-A4D4-618E-B542-01000000CA01}36803184C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{B81B27B7-F667-6183-2200-00000000CA01}1748C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000055905386Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.217{B81B27B7-F666-6183-1100-00000000CA01}1000NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=01A5AC4C605605C6E35B3483725442BE,SHA256=1433F96EEB3533DC2C5A7FCC677CDAD8954F417EA1BD0E9E7A38F097D1A49226,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000055905385Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.092{B81B27B7-F668-6183-3000-00000000CA01}32323252C:\Windows\system32\conhost.exe{B81B27B7-A4D4-618E-B542-01000000CA01}3680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905384Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.092{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905383Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.092{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905382Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.092{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905381Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.092{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905380Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.092{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905379Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.092{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905378Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.092{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905377Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.092{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905376Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.092{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905375Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.092{B81B27B7-F665-6183-0500-00000000CA01}412532C:\Windows\system32\csrss.exe{B81B27B7-A4D4-618E-B542-01000000CA01}3680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000055905374Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.092{B81B27B7-F667-6183-2200-00000000CA01}17483236C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-A4D4-618E-B542-01000000CA01}3680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000055905373Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:00.077{B81B27B7-A4D4-618E-B542-01000000CA01}3680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-F665-6183-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{B81B27B7-F667-6183-2200-00000000CA01}1748C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000107409021Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:00.086{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B2FBA7AB43C021E6A7AF5BF2039D6998,SHA256=6CCF993147228AAEE086F2AB9DB2AF8802282D8B6123CB726235E5ED161CB849,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409020Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:00.086{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E2315D642AE8973FC459FA727A4954B9,SHA256=C9C8CB4E70F81F3756962856DCA9F9F70B312977BB12E78C4BA78A02E380AC3A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409024Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:01.695{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E254AF178CC3038B504C568BE21B79DA,SHA256=6027AB189ADE89340C1765C2BC3118988C28E9A85C3F9B76AD508322DB97C007,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905417Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:01.499{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=05626C92CC79A90AEE897636924623FB,SHA256=993C55C7F5DDEB67621EC9CA1AA760DE1D2C6581DFE9C6BD222A06C44930C9EC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000055905416Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:01.482{B81B27B7-F668-6183-3000-00000000CA01}32323252C:\Windows\system32\conhost.exe{B81B27B7-A4D5-618E-B742-01000000CA01}2272C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905415Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:01.482{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905414Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:01.482{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905413Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:01.467{B81B27B7-F665-6183-0500-00000000CA01}412532C:\Windows\system32\csrss.exe{B81B27B7-A4D5-618E-B742-01000000CA01}2272C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000055905412Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:01.467{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905411Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:01.467{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905410Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:01.467{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905409Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:01.467{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905408Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:01.467{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905407Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:01.467{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905406Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:01.467{B81B27B7-F665-6183-0C00-00000000CA01}7325192C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905405Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:01.467{B81B27B7-F667-6183-2200-00000000CA01}17483236C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-A4D5-618E-B742-01000000CA01}2272C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000055905404Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:01.452{B81B27B7-A4D5-618E-B742-01000000CA01}2272C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-F665-6183-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{B81B27B7-F667-6183-2200-00000000CA01}1748C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000055905403Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:01.092{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B360EF509D233EE5E76A6854AD5DFDED,SHA256=046E3CDF3466A4593CA31093E5394C64619B32F300FF0815A1551763E4BD964A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409025Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:02.820{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=42C9414697423BF7FE781859F2AE2F3A,SHA256=1FC4180D506BF837702254D8E852A334F2BC9E7C3930A71E99498D4956AAD614,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905419Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:02.717{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D93224F76785CDA54CC4C8A91C602BD,SHA256=4EAC45910B83E14384D626C894A03262A6CCDB90E92E6BC618657E576DCB9502,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905418Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:02.545{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C1A2F94C4F2D4DD23D0D5F80665ABDC7,SHA256=9E9EB5F017894B21F83FFCA22658D9D153FDFB45AB330731E3FD11B1B56BDE48,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905420Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:03.859{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2FE0D98728323FFB13D6183AB019B2C2,SHA256=D22A2431C7E00BADC976C0BBE1C28BC02028BBC316EEF6D32964B8722C834516,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409026Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:03.086{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B2FBA7AB43C021E6A7AF5BF2039D6998,SHA256=6CCF993147228AAEE086F2AB9DB2AF8802282D8B6123CB726235E5ED161CB849,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905421Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:04.937{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1AD19D9143D5998FB89D9BF21B5BCB1,SHA256=5C7263CEE7783B50D9AB15D497A325DD67768D6BFECD1DBBF43FDCF3DF7F1D9E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409027Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:04.039{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6764FC5363F092052CF3C2A816985A2F,SHA256=4ADFCEA090B2D185092D5ED3EA191B5E0CB69FCA2CDC8DD979BF168D4EE8D215,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905422Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:05.953{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=724A0DF7338A0194DE0AE850EE11818E,SHA256=C0188F5B122C272992A553FE27D13BFB19E5574F9BAB9E2185E3123AB39C650E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000107409030Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:13.478{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61640-false10.0.1.12-8000- 23542300x8000000000000000107409029Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:05.274{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CA3E3C46C6691C5CB54F767904383888,SHA256=12723F3AB3D78D9E4116D36AC5B7E6C477AB3A34FDBFB83012C0CBFAD9FFADFF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409028Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:05.274{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A3198E134122203505A8F1FF2186889,SHA256=0563F84F8B34A8F4403BDD2AE336B888B8D9E14833846E8093B74A4DC42083E7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905424Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:06.968{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6186B5157B6885F80F0D3F7E51DE474,SHA256=961CB8D686D9E2613A52ED0A0566C28BBAF86445FFA6F101D4477FD157B65270,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409032Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:06.274{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=03FC5F6DBE6F903E65D8BCA578267F53,SHA256=A138007166F4F8ADDDF912A5228FD0236682DA6A71010EF368E354032F7335FE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000055905423Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:44.637{B81B27B7-F671-6183-6900-00000000CA01}4040C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local62965-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x8000000000000000107409031Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:06.242{3BF36828-989D-6185-BF00-00000000CC01}2968NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9D45E1BDB6F237A6CF51FFC6A12E6130,SHA256=87EEE278CDF62B2B86AF9CB87BDB04BAFB10272CEA175D83979B0C43158C5AB9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905425Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:07.981{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65C0C4C8EB6FAFB6470B0018FC761657,SHA256=F2E893A8A676897CB9ED234075C0DA1554DAB028A386EE7ADB23A2CFD4BD6BA3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000107409037Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:15.650{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61642-false10.0.1.12-8089- 354300x8000000000000000107409036Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:15.463{3BF36828-9797-6185-0B00-00000000CC01}636C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local61641-true0:0:0:0:0:0:0:1win-dc-128.attackrange.local389ldap 354300x8000000000000000107409035Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:15.463{3BF36828-97A9-6185-2800-00000000CC01}2876C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local61641-true0:0:0:0:0:0:0:1win-dc-128.attackrange.local389ldap 23542300x8000000000000000107409034Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:07.452{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D8ED10E67526BCC181DB116564C2B174,SHA256=D566AF1D21003EF4397D0A6A3DBE60E1072E0BAF12369AE9CF04AD29E8B4E841,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409033Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:07.070{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=103EA21211D7E31DF8D8329F1D0D5E14,SHA256=777034212EDD601A258E26CCA0F4CCC8DC66CAB0E3EBFFEA81D389071471EE18,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905426Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:08.997{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B9AA30610F4C75142CACC7F4F918213,SHA256=B96269B4686C7D72841048EB09A018B538AC54E38F7642515D068D4FBB0BBF22,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409039Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:08.483{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A9598A454D340CAE434C73D788CD25B,SHA256=DF629607AC0307CDF7AD71682F1DB333370A539F0183A3366559E45DA37D7EC8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409038Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:08.092{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=70641EBD5B62FB7831AE25F8F5AE2F6B,SHA256=57693B7DA62ADCFEBCE701BEA65BFFE4CBE73AB3CF10AAAA28DE1430027F0065,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409040Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:09.624{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1352C72CC0144FFF02B4E3682554A986,SHA256=085532F0311CA18EF013C4027C2AFE8C3E7F0DAE0841C94E25CF8DD6530820F3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905427Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:10.216{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BFEA02E0B252E564F7DBC111EEB775C0,SHA256=3982467ADCA89A27480E3159ED02F82F855882F1E55ECC394B8B3F14F86F1A80,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000107409043Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:18.485{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61643-false10.0.1.12-8000- 23542300x8000000000000000107409042Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:10.624{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48CEC0288ACD2EFF09A29634007C8F7B,SHA256=DC0E24FB15B0E9136218DC4AC6D5122227089A7D09C369DF82DA372BF8A5962C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409041Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:10.280{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B84F7828F07C42F85D3A091A48BCCC27,SHA256=578F0E62364E942DA97ED4908E523C51805DDA6AF050E0AE1BB9C9C9F0469D4A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409044Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:11.624{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A4AD603FC94D4871E356638EE7909C9E,SHA256=D920C6D46033AE828C9BA9F4555262EEF683164F1E33F052C239172EE1A41510,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905429Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:11.356{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B539CB7B7ACF04F7265120C1C1B5C226,SHA256=9650BFAE4B6F809B4796C968B6A884DF00ED4459E3AAFC99E35A6A8971E57C96,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000055905428Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:49.775{B81B27B7-F671-6183-6900-00000000CA01}4040C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local62966-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x8000000000000000107409045Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:12.733{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD6D0D217D7AC1F3AD50877FF845AB65,SHA256=3BB19EFD5168536BF252E44BAD6F2ECDB32B75AAE998578F667C41DEB10636CA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905430Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:12.419{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF92B899F4A73DFE73939EB9AE190346,SHA256=A8D7477ACF8E5AE23952221714A22D4DAF9A495D8BC1F9CAC6F22EFC60A13322,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409046Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:13.733{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F28B578010470F018E4E67E8C173EDC,SHA256=ADB3DEA952EEC14CC123A0194426F45F126B1971577C53691105AC22C8B0E0B8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905431Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:13.435{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E72E548382C86E27E449773C03094FA,SHA256=35A5E2481516A39375A1C903387269CA89FFD621759CDA4026F5E5ACAD66EFE9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905432Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:14.466{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0041689419BB59BEB3B65B4D4BACF943,SHA256=DC50D2C3B88AEEB36501EC97326F16561F705282617B4D29A52841E052AF0264,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409047Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:14.733{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7C10276F108CA023A8D3BC19B13A5E6D,SHA256=37F3C1B0325680575E33A341EDEE984D0558524E96A138AA1677D497B52D3F30,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905433Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:15.482{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E30C4104927245763EEA9CCBC69F40A,SHA256=9764F8ABD4E42ADDD373E15ABB764A804756E4B7B8BEB6F2DAD275BED784C512,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409050Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:15.749{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34E85F9DD674E1AC931FA6B9956E8F38,SHA256=0DF9A5821F92E7163A563EBC73E96E7C33151AB4E7E7EEB8DD2E78894D3C6EDB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409049Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:15.467{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A8B4E54B2E7ABA9FC22E0193EA33A090,SHA256=06B9913287E0533571EBFA0B65B5E5AD7D79BAAF328C9E40D547A33930375AA6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409048Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:15.467{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F7FEABDC5C86CF4B111D1C2CA0C8EFDA,SHA256=F783988B2E551AB939009732B2B43DD0297219F0BAE56E23842C57FAF0670E05,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409052Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:16.764{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=81A9EACEDB9D04E189A554C413DE7A19,SHA256=128BB6C5EA1B6DE6A404ED07948220632B29CDF1BD96104EA509A39D2DC0536C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905435Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:16.514{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=527CBCBF8B8D628C1462379972B6D6C6,SHA256=C2922524DD7E72F44F7CB17C18D9D1928875C7426BA2620AC305E29FDBD9A94E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000055905434Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:30:55.697{B81B27B7-F671-6183-6900-00000000CA01}4040C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local62967-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 354300x8000000000000000107409051Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:23.656{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61644-false10.0.1.12-8000- 23542300x8000000000000000107409053Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:17.780{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC5F6ADC5D8F784EC6A8B42B9373A0A7,SHA256=F46BF1AA04441590AA867521CD445650C1C9DBA034E69F9AA1407EFA4245CBCA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905436Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:17.542{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6AEFDC779434A346AABA72B53A6A682,SHA256=84781EECC58A5A72DC78D6EB63002BF28E80D28D39CF0FA86660C294E12917B3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905437Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:18.548{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7FA1E277CFBD2AD2C457AFA64B129173,SHA256=0B439072B664632C38E414C5703E42A8435134FB2B51D730B7E83D545BB40CAD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409054Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:18.780{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84A74AF2F76609F9D6746F5B41995A33,SHA256=BFF3DDA2734F1DC483C6BF03FDCBF7548577F1819E5A6DAC3C69D7ED88DA4D76,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905438Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:19.611{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D5A2A967AC2EFA2BF850F1D861D23544,SHA256=136B440BBB86826067C7ACBE40AE853962DDE266999462AC70D65B17BE572E62,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409055Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:19.780{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86DF5C2F1B32DB6DD1F19BF443C5BBDA,SHA256=D5A2E8D329E85F29617BB31699EDECD411F077E7F3108F8DC6BC1275C5825D55,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409057Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:20.842{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C060FCB4839ED6679BA71978B973EE63,SHA256=34349965A19A532FDBA4A1B6AC679B50636204C1891328753B9AB4D37A694305,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905439Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:20.626{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E0E858DF1C09AD88A5D7A7973571373,SHA256=D4BEDBA6EF14714B486E09D31871C56ACFAD8F7BD60B11D5ACC7C91157EF33EE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409056Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:20.671{3BF36828-9799-6185-1100-00000000CC01}424NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=44AE051269B1873A8D825A7F2F38DE41,SHA256=DFD54F810E1C3DDF0A651BE1A102155401A6072085B335C07B86A43F63747D89,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409060Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:21.842{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C6CFD3094EBC407B7E67C8EAEFAA017,SHA256=DF11B9E3089C2AC471D629B1E1A5531F2CC5DBB6485C964764606B10A836D4FC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905440Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:21.642{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85CF98B294629C72998900F18D043898,SHA256=C7BFC4B661C5C5A8B798E05269B374BA5614026E83A9CABF68D0F8BBCCC7BB93,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409059Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:21.296{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CF16B8FE0F96BD5A539F15D6525B3556,SHA256=28DEB9AD296A612138CA1ED9A4A1702EE1542B1CE6BD6CAF489D802B84D2A326,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409058Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:21.296{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A8B4E54B2E7ABA9FC22E0193EA33A090,SHA256=06B9913287E0533571EBFA0B65B5E5AD7D79BAAF328C9E40D547A33930375AA6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409062Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:22.842{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=281B474F12BE523D42917FF5828682D9,SHA256=42BE65E8EC467D1BB58536692F1097F80B3D4D8B9E4E6E8E50C1D14874CB2D5F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905442Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:22.673{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=007A0F70B1D67D2B4EF7BBE4BB338E97,SHA256=69F396B257A804B63D294FB43EE63A2396AF4A159B6F327FFE67B1C25ADCB5A1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000107409061Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:29.532{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61645-false10.0.1.12-8000- 354300x800000000000000055905441Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:01.732{B81B27B7-F671-6183-6900-00000000CA01}4040C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local62968-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x8000000000000000107409064Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:23.858{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B288E6BFEBB21CC3E65B1322334F1581,SHA256=A1005E35821C4206D1229C97FAED3C9FE5E358B980AA5FBF5B250D78193BD1C6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905443Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:23.689{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A1679717280375ACAE0F2BC0BD12A8A,SHA256=FBD4C6BC6C18A5E8007B974901C2F659C045864C5B632365786F568757E4AAA7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409063Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:23.092{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CF16B8FE0F96BD5A539F15D6525B3556,SHA256=28DEB9AD296A612138CA1ED9A4A1702EE1542B1CE6BD6CAF489D802B84D2A326,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905445Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:24.986{B81B27B7-F667-6183-2200-00000000CA01}1748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9D45E1BDB6F237A6CF51FFC6A12E6130,SHA256=87EEE278CDF62B2B86AF9CB87BDB04BAFB10272CEA175D83979B0C43158C5AB9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905444Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:24.720{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA826B53A39A11D02BC772D82D209F22,SHA256=D381089EA1B19C011F8612D09A00F46D646139AE5EFDE04909DACA6391C3376F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905446Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:25.736{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E82D65DCDBACB1C7C81AD80D7F0840F,SHA256=CAFAF93D9323477D0144749126A8413FB87F499DB57B6CA0EA14AB8121B95558,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409065Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:25.077{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=754659120D4FDF160D6054389F23695C,SHA256=76C70476140E48B937B58C0A4B57CDADBB2C21F3FDA440874EECB0E314CEACDD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905448Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:26.782{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2B6685B0658BA3D57F5BCEE56C1F406,SHA256=DED16BC8903A0AF0AB35380528456295AF57F088EB07003B01FB5D8EE5529794,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409067Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:26.124{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=18F064D5F7534499BD525AFDF695638E,SHA256=3C9DE6F2667C85FD63D01C598C2CFC7B3FD3CAF3F17EFACBC0D8E730B2B8FE13,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409066Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:26.077{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19E6CFB5A8AA762075671084653291B5,SHA256=DCAAB2461D66AAAC40DD77E7D9B10F699340EC155CD368B286D0CD96D497A5F8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000055905447Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:05.482{B81B27B7-F667-6183-2200-00000000CA01}1748C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local62969-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8089- 23542300x800000000000000055905449Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:27.799{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B06812EA36BD5C4F99BB739CA095749B,SHA256=BDB29BD647B3A66AEE69445FA10A9F88073D02743D0AB04825FFCA85D4871966,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000107409069Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:34.547{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61646-false10.0.1.12-8000- 23542300x8000000000000000107409068Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:27.077{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04831B2CA8467101F7D4FA1BA1BDFE0F,SHA256=1860B814ADA57DE5E12EEA6220CD69DB4A1B8FA6CCFAEB62BF6ADB182CC9DC2F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905450Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:28.861{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4964FC0A4060665F943854A04125D92B,SHA256=49D6966713B3817D152123724BECD900EFC4AF389FA6D620C6DAE01444AC38B6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409071Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:28.316{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=493522EF5C8BCB0112F877B487E0BC33,SHA256=083D3A92DA7F93D165644734404D42072FE173E5FB0C11EBBB301D0BF88C6E25,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409070Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:28.129{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=82C362F2EBB93E3550DA76761DA5AA9B,SHA256=BF0E3F81FA40A13861EDB474ABA4E6DA5FB1B7BCAD506128F94F68F8A8CE9E81,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905452Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:29.893{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61ABF42EDAF594210A97494650F6BC01,SHA256=351812160DAC9CE525AA76AE54F5AF83D8CD969B0B28DAC50F9AD4A79DD7967D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409072Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:29.316{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8B49EB02A2AA692D573DEF507A92189,SHA256=2F16F42907D9432022AEC97ED8D81040AF8FC46650C448F0BD9FD76661ADA08F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000055905451Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:07.655{B81B27B7-F671-6183-6900-00000000CA01}4040C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local62970-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000055905453Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:30.908{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BAE5232004B7B14D4FE13C713D5C4D7,SHA256=5A36275B1836D45C21DE94E7C719C90A8E305BB8F9BA8B9BBD89DCDE99C51039,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409073Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:30.488{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA8152A6C7116FA8BA36FF059AF3FC51,SHA256=C22521A3239D9F3AB8ABA4B7FE2681FC03E374A8DD21C3ECBA7BBBFAACE6F33D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905454Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:31.940{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA40D2C12A23AB9414362F878AC22FCB,SHA256=363D2AB431DE2533BCE09430BE17EFF185D1A6480E731A8060350ADB0A3FAB75,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409075Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:31.488{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0F81444BCAE1307BA454E5AA6EB3AC9,SHA256=7DD08508516B5989B873001E1C1747D0B3D2246421B903F06F1ABE6782649041,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409074Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:31.269{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=21A285407BE6A82EB40A5B7A6EC00936,SHA256=2ADC0D56A8F25A01227BC6A3F77D199622A24D81F5BE0C81AE058771C8EB66BA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905455Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:32.955{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D3CF21D4870B848B5DC01E8FE722D6E9,SHA256=D27E6075090D331C73EEB92BAA562F856C64AD620CC3DEE304A5E5198A894463,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409077Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:32.551{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8310C3DBDA0AD90220CCDE67971E8C71,SHA256=38D847433EC56EB1F541E5CA69C1413FD540F80FEF480AB57BDF4033E02693CE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000107409076Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:39.677{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61647-false10.0.1.12-8000- 23542300x800000000000000055905456Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:33.971{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D7113F28AA0AA499D968CAE2BA892F13,SHA256=4ABDAD81836E4F9593D4B65237CFF3391E06978D9ED305B9BA0D4CD4B59A3A0A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409078Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:33.551{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3BD93AACC4070C0B3C5E7387DF638341,SHA256=67B7F3A3B7709BAC46538D1A789328E3B9AF9F9763B5CCBA9701E97173F928BB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409079Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:34.785{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4774865F20370740AC9F9B9FA356B97A,SHA256=220E66DBE945AB6A28D2824704F36D45FB49FFC2C29BC8AA6425452FD56EE658,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000055905457Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:13.608{B81B27B7-F671-6183-6900-00000000CA01}4040C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local62971-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x8000000000000000107409083Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:35.926{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A84F18EDBC65BA8012C1F74DCC0271D2,SHA256=531D74B147AD71D819709D2EED1662AE0C8CB9709BC1563D428BDFF33CBA1C5E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x8000000000000000107409082Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:35.066{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-9799-6185-1500-00000000CC01}1236C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409081Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:35.066{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-9799-6185-1500-00000000CC01}1236C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409080Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:35.066{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-9799-6185-1500-00000000CC01}1236C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000055905458Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:35.018{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CEBAD40B4EDC3771C4B6F7C7CF83F8CE,SHA256=BF5BDFF8F0FE4630F467ED0C30390FA3892F33B1CEDD23CF570C9968D266F397,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905459Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:36.033{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA6EC046E38DDED128D13A38A01C1467,SHA256=72E63E38AA162854A5D0104CB6E9FCF4B3D77CC15F6F5C09F408BF16FD09A5E5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409086Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:37.269{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=58E0E11345115F67E1C4703D0395E96E,SHA256=2B281B9D9586558FB66DA801E96CB24831E5981C95FAB0B85D46FB6035A3F690,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409085Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:37.269{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BA7CE3615E0549A41836C92906245D15,SHA256=9F350A311CAA8E2A11EBFB10771C8E5275F0B918EC639E963C752E5AB9E7AE5F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409084Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:37.113{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AEF55A61384796E32A061AC8C097625E,SHA256=A0E89EF275FDF51CEAC09002F81E0E6BAE806043D6ADD24F5EB33788718F1EF0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905460Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:37.049{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C797025F6E0E0755068B6B15DBA198E4,SHA256=4C184C7C6983972572237C2CC30AC6C2A175D3308D7793C857901EE535DA2649,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000107409088Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:45.662{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61648-false10.0.1.12-8000- 23542300x8000000000000000107409087Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:38.269{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=02396333AFC5746A8FC37207C94DBE26,SHA256=F74ECC1DF04E846449D551C6BAC48A068605C848E17C82DB7C4ECFEA1A378983,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905461Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:38.080{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6699A17145025F6565C20C0DDC30B884,SHA256=7E1F224861EAEC6B4610A2508CD83103A35A5107F8A69D10941E0E9915D2A0AF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409089Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:39.379{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7626F4D720CBA2D567B4B07683D51ADF,SHA256=1C274F39AC86BBECED79E16368F7FA7B5663FEFB05471EE96871D053C20F3603,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905462Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:39.096{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=238D15AD5D6CD237D44B4B9169070BC1,SHA256=7B5960F6C32D168662B9E44533B95B1E4D7F2090DE05531940C8E637104C306C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409090Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:40.598{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E432E5B57EE87E13A1C5099A03904721,SHA256=7DEE414A7C2CE3BC24EA6B3642CEAE17E3F3247EF7C8D17148DC4583F40D2055,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905463Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:40.111{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E67733D3EF0F9830A12FB51B586548F,SHA256=B25A72672D11F9EBF4F540BC8B5489B9F0D82EF54A2A6234017F3198B2DAE7CF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409091Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:41.629{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F51A6E4A33DEE9F9D875919294C451ED,SHA256=B710B6CE961D77B684BF913C4366B3AAEDCA5B4D7DD0114A430166575BB2A763,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000055905465Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:19.607{B81B27B7-F671-6183-6900-00000000CA01}4040C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local62972-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000055905464Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:41.143{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=507688341F0728459349859B68C29096,SHA256=BC74B7C6AF792529EB3ABAD87D19AB11E46D878FF775FBC9C3735529B558F817,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409092Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:42.769{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA0606CF042EBAC06C45E9E4DE48256C,SHA256=A31025B58503577BCC9F3264E6C79A71DD9861D639D08839ABE3C6396FC3C854,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905466Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:42.158{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6EA196BC2AF5745A15E275F9ADF19E58,SHA256=1311707789EDCD7EDC9656F1189A276DB7141EB811A5BB1E649C3190F1E1FFC7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409095Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:43.769{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=70156258318724453F17A12E3708959C,SHA256=2708426126B0213AFA2A45F1E22F48BCBD63BAF7D477CAFB5249CDDB49836B19,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905467Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:43.236{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FED603B8647E481436914F0E4901E3AD,SHA256=6E066993F781FE16568653C06A1707DBA54AF13C197DBBC9A4E761D39A1C5763,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409094Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:43.113{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CAA01751F6A8BF1AA5BF274AD5088BF8,SHA256=79C28F9945427B71D5F750FCD08D20F2F126CE9A8F4FB072C8391320984E3605,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409093Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:43.113{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=58E0E11345115F67E1C4703D0395E96E,SHA256=2B281B9D9586558FB66DA801E96CB24831E5981C95FAB0B85D46FB6035A3F690,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409097Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:44.785{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=085D74DF8A81D0F138BE39A28CC6B711,SHA256=E2DF9B8959183D337ACBC02A657CB816F3EEF8985EDCE88CED5E684596E0D993,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905468Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:44.424{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=032A95D349BFC371866777B136638BB7,SHA256=B3686669C980EA911ACDBD837367E13C59F2228387E04B1093A15DEEE96C57AD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000107409096Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:51.631{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61649-false10.0.1.12-8000- 23542300x8000000000000000107409098Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:45.801{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ABD111A65F0F95AE15D4564BF5CB6FE0,SHA256=DB22E6B7B1A2841B23FBA73B7A256FC3440A04619433C8AC04A1071DFE0BFD64,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905469Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:45.440{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B6D64AB8AC5FDD73D6B07B5F0422FE3,SHA256=7351950C6C3E9148598869B22F782705A65B49D68F8A391209621315BA9962DE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000055905497Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.986{B81B27B7-A502-618E-B942-01000000CA01}56641104C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{B81B27B7-F667-6183-2200-00000000CA01}1748C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905496Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.799{B81B27B7-F668-6183-3000-00000000CA01}32323252C:\Windows\system32\conhost.exe{B81B27B7-A502-618E-B942-01000000CA01}5664C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905495Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.799{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905494Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.799{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905493Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.799{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905492Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.799{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905491Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.799{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905490Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.799{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905489Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.799{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905488Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.799{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905487Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.799{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905486Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.799{B81B27B7-F665-6183-0500-00000000CA01}4122712C:\Windows\system32\csrss.exe{B81B27B7-A502-618E-B942-01000000CA01}5664C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000055905485Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.799{B81B27B7-F667-6183-2200-00000000CA01}17483236C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-A502-618E-B942-01000000CA01}5664C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000055905484Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.784{B81B27B7-A502-618E-B942-01000000CA01}5664C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-F665-6183-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{B81B27B7-F667-6183-2200-00000000CA01}1748C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000055905483Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.455{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF2355D85E3940F2D9B05845C56ADDEC,SHA256=F7F15CFC689354E436F63955D8692A254CFA65E946A1B029183F46F6A98A5D59,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000107409158Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.769{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000107409157Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.769{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000107409156Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.769{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000107409155Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.598{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000107409154Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.598{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000107409153Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.598{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000107409152Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.598{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000107409151Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.582{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000107409150Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.582{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000107409149Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.582{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000107409148Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.582{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000107409147Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x8000000000000000107409146Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000107409145Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000107409144Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000107409143Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000107409142Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000107409141Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000107409140Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000107409139Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000107409138Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000107409137Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000107409136Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000107409135Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000107409134Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000107409133Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000107409132Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000107409131Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000107409130Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000107409129Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000107409128Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000107409127Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x8000000000000000107409126Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000107409125Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000107409124Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000107409123Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x8000000000000000107409122Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x8000000000000000107409121Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x8000000000000000107409120Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000107409119Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.566{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x8000000000000000107409118Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.551{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000107409117Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.551{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000107409116Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.551{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x8000000000000000107409115Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.551{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000107409114Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.551{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000107409113Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.551{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 10341000x8000000000000000107409112Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.551{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000107409111Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.551{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x8000000000000000107409110Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.551{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409109Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.551{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000107409108Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.551{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 10341000x8000000000000000107409107Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.551{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409106Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.551{3BF36828-9797-6185-0500-00000000CC01}420412C:\Windows\system32\csrss.exe{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000107409105Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.551{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000107409104Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.520{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000107409103Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.519{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+19544|C:\Windows\system32\taskmgr.exe+1a290|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409102Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.519{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+1e590|C:\Windows\system32\taskmgr.exe+1a25e|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409101Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.519{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+1ea6a|C:\Windows\system32\taskmgr.exe+1a0d0|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409100Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.519{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+b1cf|C:\Windows\system32\taskmgr.exe+1a084|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409099Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:46.519{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-A502-618E-5611-01000000CC01}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+b2b8|C:\Windows\system32\taskmgr.exe+19d0d|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905482Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.111{B81B27B7-F668-6183-3000-00000000CA01}32323252C:\Windows\system32\conhost.exe{B81B27B7-A502-618E-B842-01000000CA01}4108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905481Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.111{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905480Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.111{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905479Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.111{B81B27B7-F665-6183-0500-00000000CA01}412428C:\Windows\system32\csrss.exe{B81B27B7-A502-618E-B842-01000000CA01}4108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000055905478Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.111{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905477Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.111{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905476Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.111{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905475Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.111{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905474Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.111{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905473Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.111{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905472Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.111{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905471Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.111{B81B27B7-F667-6183-2200-00000000CA01}17483236C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-A502-618E-B842-01000000CA01}4108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000055905470Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:46.097{B81B27B7-A502-618E-B842-01000000CA01}4108C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-F665-6183-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{B81B27B7-F667-6183-2200-00000000CA01}1748C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000055905504Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:47.781{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F666-6183-1500-00000000CA01}1148C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905503Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:47.781{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F666-6183-1500-00000000CA01}1148C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905502Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:47.781{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F666-6183-1500-00000000CA01}1148C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000055905501Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:47.469{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39E1EC4B994609D5FE0DA3FAFFD5C00A,SHA256=E50098D46C6676B5B38C13C8D3C4A3A00E431E1FA40B9ED185A47C7BAC281D03,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000107409263Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.908{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000107409262Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.908{3BF36828-A503-618E-5811-01000000CC01}60605344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000107409261Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.908{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000107409260Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.908{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x8000000000000000107409259Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.767{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B17C96695400842933B40253884966D7,SHA256=07088F916D0573C46E098C6F93B26B99757BFFE9008A02B8D63FC071111EDE20,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000107409258Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.736{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000107409257Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.720{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000107409256Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.720{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000107409255Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.720{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000107409254Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.720{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000107409253Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.720{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000107409252Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.720{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000107409251Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.720{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000107409250Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.720{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000107409249Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.720{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000107409248Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000107409247Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000107409246Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000107409245Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000107409244Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000107409243Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000107409242Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000107409241Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000107409240Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000107409239Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000107409238Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000107409237Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000107409236Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000107409235Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000107409234Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000107409233Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000107409232Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000107409231Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000107409230Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000107409229Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000107409228Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000107409227Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000107409226Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000107409225Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000107409224Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x8000000000000000107409223Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000107409222Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000107409221Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000107409220Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000107409219Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x8000000000000000107409218Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409217Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409216Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409215Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409214Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-9797-6185-0500-00000000CC01}420536C:\Windows\system32\csrss.exe{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000107409213Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.705{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000107409212Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.690{3BF36828-A503-618E-5811-01000000CC01}6060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000107409211Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.533{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CAA01751F6A8BF1AA5BF274AD5088BF8,SHA256=79C28F9945427B71D5F750FCD08D20F2F126CE9A8F4FB072C8391320984E3605,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000107409210Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.439{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000107409209Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.439{3BF36828-A503-618E-5711-01000000CC01}50242748C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000107409208Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.439{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000107409207Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.439{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000107409206Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.220{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000107409205Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.220{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000107409204Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.220{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000107409203Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.220{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000107409202Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.220{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000107409201Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.220{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000107409200Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.220{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000107409199Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.220{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000107409198Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000107409197Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000107409196Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000107409195Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000107409194Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000107409193Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000107409192Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000107409191Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000107409190Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000107409189Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000107409188Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000107409187Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000107409186Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000107409185Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000107409184Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000107409183Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000107409182Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000107409181Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000107409180Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000107409179Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000107409178Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000107409177Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000107409176Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000107409175Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000107409174Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000107409173Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000107409172Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.205{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x8000000000000000107409171Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.189{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000107409170Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.189{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000107409169Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.189{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000107409168Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.189{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000107409167Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.189{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x8000000000000000107409166Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.189{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409165Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.189{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409164Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.189{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409163Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.189{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409162Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.189{3BF36828-9797-6185-0500-00000000CC01}420412C:\Windows\system32\csrss.exe{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000107409161Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.189{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000107409160Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.178{3BF36828-A503-618E-5711-01000000CC01}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000107409159Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:47.173{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7015405FCB91AF63F3CC9C1EC5A4264A,SHA256=F3356573D1831540AE79AF615D69D0DFF6071EA3F055645F86298F448EF68A07,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000055905500Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:25.623{B81B27B7-F671-6183-6900-00000000CA01}4040C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local62973-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000055905499Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:47.125{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F2915FD111E7DCC9E86E14C70DAE47E3,SHA256=024EDDCCBF372144BA4CCD1855956E63AB5995DC0D80E2C7FFC9006FF99EC721,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905498Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:47.125{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0E71A270AA764B5695097C9099404CE6,SHA256=7F64E2BBB04D1ECB2B23F6A659B5512441F4BE1E5B09C73408150CD2351B9DD0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905505Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:48.484{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A839931239FD48893C611CEE907682A0,SHA256=5E637E8AA8E5158AD2866121EE713FFEB5FE76A49771D67D6E1B17076223B4AD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409321Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.705{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7516E67305E7B8986195D2D5921AF4E3,SHA256=680EC286E98529782D2B5E94DD8DA83EFB399D909588B407E6D6F86B3B57FC7A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000107409320Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.580{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000107409319Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.580{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000107409318Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.580{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 10341000x8000000000000000107409317Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.548{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+19544|C:\Windows\system32\taskmgr.exe+1a290|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409316Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.548{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+1e590|C:\Windows\system32\taskmgr.exe+1a25e|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409315Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.548{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+1ea6a|C:\Windows\system32\taskmgr.exe+1a0d0|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409314Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.548{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+b1cf|C:\Windows\system32\taskmgr.exe+1a084|C:\Windows\system32\taskmgr.exe+19e20|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409313Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.548{3BF36828-9D19-618C-1ED4-00000000CC01}61284772C:\Windows\system32\taskmgr.exe{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+b2b8|C:\Windows\system32\taskmgr.exe+19d0d|C:\Windows\system32\taskmgr.exe+1cc42|C:\Windows\system32\taskmgr.exe+14fa9|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000107409312Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.408{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000107409311Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.408{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000107409310Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.408{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000107409309Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.408{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000107409308Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.408{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000107409307Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.408{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000107409306Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.408{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000107409305Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.408{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000107409304Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000107409303Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000107409302Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000107409301Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000107409300Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000107409299Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000107409298Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000107409297Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000107409296Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000107409295Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000107409294Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000107409293Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000107409292Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000107409291Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000107409290Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000107409289Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000107409288Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000107409287Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000107409286Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000107409285Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000107409284Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000107409283Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000107409282Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000107409281Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000107409280Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000107409279Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000107409278Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x8000000000000000107409277Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 23542300x8000000000000000107409276Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC294749704840A15A1DEA56F31BD681,SHA256=F76CFCA41F5E53E109531C8AA3F48F9ECAB6DCCE2871D4DBDCC6C81B23663914,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x8000000000000000107409275Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000107409274Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000107409273Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000107409272Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000107409271Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x8000000000000000107409270Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409269Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409268Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409267Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409266Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-9797-6185-0500-00000000CC01}420412C:\Windows\system32\csrss.exe{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000107409265Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.392{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000107409264Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:48.377{3BF36828-A504-618E-5911-01000000CC01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000055905506Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:49.500{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB879DE8E3E5B57E54DF4E1EC83DC024,SHA256=5EBBE69A71BA0544551F5F3C4AF979CCA2B4F5801D6AA70F31B62F382DE1D049,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000107409423Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.798{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000107409422Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.798{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000107409421Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.798{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000107409420Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.783{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000107409419Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.783{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000107409418Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.783{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000107409417Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.783{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000107409416Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.783{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000107409415Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.783{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000107409414Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.783{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000107409413Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.783{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000107409412Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.783{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000107409411Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.783{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000107409410Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.783{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000107409409Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.783{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000107409408Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.783{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000107409407Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.783{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000107409406Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.783{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000107409405Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.783{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000107409404Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.783{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000107409403Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.783{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000107409402Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.783{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000107409401Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.783{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000107409400Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.783{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x8000000000000000107409399Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.767{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000107409398Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.767{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000107409397Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.767{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000107409396Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.767{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000107409395Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.767{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000107409394Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.767{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000107409393Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.767{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000107409392Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.767{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000107409391Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.767{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000107409390Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.767{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000107409389Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.767{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000107409388Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.767{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x8000000000000000107409387Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.767{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000107409386Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.767{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000107409385Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.767{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000107409384Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.767{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000107409383Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.767{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x8000000000000000107409382Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.767{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409381Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.767{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409380Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.767{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409379Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.767{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409378Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.767{3BF36828-9797-6185-0500-00000000CC01}420436C:\Windows\system32\csrss.exe{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000107409377Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.767{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000107409376Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.752{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000107409375Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.470{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B218201777908113FDCB79B6B96856E7,SHA256=88C2874C42A2994C78C70C27413775DB2C2BD7C7CBC62CD9C6E58826C7031F39,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000107409374Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.236{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000107409373Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.236{3BF36828-A505-618E-5A11-01000000CC01}44885448C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000107409372Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.236{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000107409371Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.236{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x8000000000000000107409370Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.111{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5DE6DCA84B83B33D8618034985D12B81,SHA256=C114BCE21E968C294199B7142A9A3519B06E0C0C4A3F1E68A0969CC96E951E1B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000107409369Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.095{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000107409368Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.095{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000107409367Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.095{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000107409366Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.095{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000107409365Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.095{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000107409364Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.095{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000107409363Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.095{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000107409362Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.095{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000107409361Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000107409360Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000107409359Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000107409358Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000107409357Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000107409356Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000107409355Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000107409354Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000107409353Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000107409352Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000107409351Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000107409350Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000107409349Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000107409348Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000107409347Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000107409346Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000107409345Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000107409344Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000107409343Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000107409342Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000107409341Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000107409340Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000107409339Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x8000000000000000107409338Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x8000000000000000107409337Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000107409336Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000107409335Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000107409334Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 10341000x8000000000000000107409333Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000107409332Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000107409331Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000107409330Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x8000000000000000107409329Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000107409328Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25trueSplunk, Inc.Valid 10341000x8000000000000000107409327Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409326Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409325Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409324Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-9797-6185-0500-00000000CC01}420536C:\Windows\system32\csrss.exe{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000107409323Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.080{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000107409322Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:49.065{3BF36828-A505-618E-5A11-01000000CC01}4488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000107409481Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.754{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52A8860B9670CC1624141ECAA9D5B622,SHA256=3106A71AF5F741BBE3544C90900AAA55A7415BF33A1E2CFFD7FE8BAFD8D5956D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409480Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.598{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D5FE1FA4F03429F0743BEF63F24B4657,SHA256=3EAA3D565DBBBBA60B08AC22FE267E1E652782B035D15E53345DD98C9F95D8AA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000107409479Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:57.488{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61650-false10.0.1.12-8000- 734700x8000000000000000107409478Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.520{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000107409477Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.520{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000107409476Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.520{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000055905507Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:50.515{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E85252028C0D5D2FD5090279CEDB7B5B,SHA256=7B8CABDFAC2230D4354F97FCBFDC09F61F4D1D7450DE7F98221A08DF85697BD0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000107409475Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.316{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000107409474Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.316{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000107409473Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.316{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000107409472Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.316{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000107409471Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.316{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000107409470Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.316{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000107409469Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.316{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000107409468Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.301{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000107409467Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.301{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000107409466Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.301{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000107409465Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.301{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000107409464Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.285{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018trueMicrosoft WindowsValid 734700x8000000000000000107409463Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.285{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000107409462Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.285{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000107409461Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.285{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000107409460Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.285{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000107409459Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.285{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000107409458Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.285{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000107409457Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.285{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000107409456Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.285{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000107409455Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.285{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000107409454Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.285{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000107409453Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.285{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000107409452Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.285{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000107409451Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.285{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000107409450Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.285{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000107409449Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.285{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000107409448Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.285{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000107409447Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.285{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000107409446Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.285{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000107409445Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.285{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000107409444Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.285{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x8000000000000000107409443Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.285{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000107409442Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.285{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000107409441Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.285{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000107409440Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.285{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x8000000000000000107409439Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.269{3BF36828-989E-6185-C300-00000000CC01}59565960C:\Windows\system32\conhost.exe{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000107409438Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.269{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000107409437Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.269{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000107409436Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.269{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000107409435Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.269{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x8000000000000000107409434Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.269{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409433Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.269{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409432Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.269{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409431Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.269{3BF36828-9799-6185-0C00-00000000CC01}844408C:\Windows\system32\svchost.exe{3BF36828-97A9-6185-2A00-00000000CC01}2912C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000107409430Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.269{3BF36828-9797-6185-0500-00000000CC01}420436C:\Windows\system32\csrss.exe{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000107409429Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.269{3BF36828-989D-6185-BF00-00000000CC01}29682452C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000107409428Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.255{3BF36828-A506-618E-5C11-01000000CC01}4316C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-9797-6185-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000107409427Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.127{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3C27601A09F9F7A9AC3B127BB56649E5,SHA256=56C3197B5088ABF21C87D162B11313D9548B157580BE0CC7F49EFBA1A8CEB71F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x8000000000000000107409426Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.033{3BF36828-A505-618E-5B11-01000000CC01}2132648C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{3BF36828-989D-6185-BF00-00000000CC01}2968C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000107409425Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.033{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000107409424Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:50.033{3BF36828-A505-618E-5B11-01000000CC01}2132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x8000000000000000107409483Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:51.626{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50263A124CFDAF1E0F57FFF6126F49D5,SHA256=03F7387C25A7908687723631B75B6C18F2BEF027705EFFD18C728D7C5780E44D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905508Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:51.531{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D1B9B8DC7D9C8335EF11415600C2AB42,SHA256=B70328D2D85026C6247ACC4906DD93BB1639CBD4BECB956B3F5F178D297A73B9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409482Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:51.298{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1772A95B22E8B203F02E4736BBF2FE6F,SHA256=B98779CDED517A290838B7097F8DDA578853110CF2614B1AC74D5A598048837E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409484Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:52.663{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4DDC26A6A86E58D7CB123B360DA78FB,SHA256=9EB865DA6F3D76A6E9B55D20738D7057EE93D37E49343886CA2EA305567A9691,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905510Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:52.547{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D265643367431A853A0E1A0DEB9D4ABA,SHA256=1B35C0E0E84DF401B747996878CD58EAB5CEB97528ECE3C0775F42FA61DFF565,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000055905509Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:30.761{B81B27B7-F671-6183-6900-00000000CA01}4040C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local62974-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x8000000000000000107409485Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:53.678{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2CCC7BE956D767372ACFFF434EBB073F,SHA256=B6421D4EC967F9A54E14827C9101D45E151E5DE9EF06896B80E7E0EBBE4B1628,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905511Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:53.562{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=667BBFDAB2694A9CE1197B0E779A0272,SHA256=3173C629F613AE86EDC3098C1334637D3EA585E29B9D0A235EAF251BA46048EF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409487Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:54.897{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C561D71EF6EA93EEF16B274D3C2F475,SHA256=34B99ED5F4331DB42B9FD3503EFDC22BE035C18946F25C90C34FE4708A3B0A96,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905512Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:54.594{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF6A139298A1D85F8A296398726C276E,SHA256=59F47A3C22CCE69CB8C1CA1C342D3BC4D200D296CCD4BF13C536E0FD7DF6D6FA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409486Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:54.241{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AB98F951FB2975E803B9D27CB58ED12E,SHA256=D0A3FEF054F14FBE944BFAE3DF8666ECF02003306FD81DD4C86BA63D8D5FFB0B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905513Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:55.672{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D7369FF1425CB465522652663D508242,SHA256=DFD65F4A9CA35AD6933507D35E5BD06829D5A4A2433A29EBD9E23BF541E2AF65,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000107409489Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:55.928{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76C6422A533B0C02D824911D5534177F,SHA256=B691F400ED5169071D42B7F9CCF4690EF37F774FF9F6D145EBF5C3B6285314D4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000107409488Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:32:02.649{3BF36828-98A5-6185-ED00-00000000CC01}2352C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local61651-false10.0.1.12-8000- 23542300x8000000000000000107409490Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:56.944{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B7922031BD05B510B21C26C2A867EDC,SHA256=52396C221FFA2F40EDC96023DF0DDAB6639550CD421EE005BCE5D1DD355FCEC2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905528Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:56.812{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2FC4CC5F890FB87D2434398F1C536BE5,SHA256=2450A8DFE72830EE6F929F12B30288331F8961B2CEB740915238DF93EB624677,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000055905527Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:56.609{B81B27B7-A50C-618E-BA42-01000000CA01}41003140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{B81B27B7-F667-6183-2200-00000000CA01}1748C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905526Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:56.390{B81B27B7-F668-6183-3000-00000000CA01}32323252C:\Windows\system32\conhost.exe{B81B27B7-A50C-618E-BA42-01000000CA01}4100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905525Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:56.390{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905524Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:56.390{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905523Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:56.390{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905522Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:56.390{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905521Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:56.390{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905520Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:56.390{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905519Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:56.390{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905518Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:56.390{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905517Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:56.390{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905516Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:56.390{B81B27B7-F665-6183-0500-00000000CA01}412428C:\Windows\system32\csrss.exe{B81B27B7-A50C-618E-BA42-01000000CA01}4100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000055905515Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:56.390{B81B27B7-F667-6183-2200-00000000CA01}17483236C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-A50C-618E-BA42-01000000CA01}4100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000055905514Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:56.376{B81B27B7-A50C-618E-BA42-01000000CA01}4100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-F665-6183-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{B81B27B7-F667-6183-2200-00000000CA01}1748C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000107409491Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-11-12 17:31:57.944{3BF36828-98AB-6185-F600-00000000CC01}5748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD2D11397B426046B733523E30DCC2B2,SHA256=BC4F3C5C2D54EE5790E6DE075E1AF5D5E6C28F9F54B25FE93A47EF532ADFD23F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905543Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:57.390{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0B95E641CD5C1C4969703AFDC2AE03D6,SHA256=175B1DCF0E95929025B4AF5207F165A720446D88E0D9A47D569697E5B1CDAA82,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000055905542Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:57.390{B81B27B7-F679-6183-7300-00000000CA01}3824NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F2915FD111E7DCC9E86E14C70DAE47E3,SHA256=024EDDCCBF372144BA4CCD1855956E63AB5995DC0D80E2C7FFC9006FF99EC721,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000055905541Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:57.078{B81B27B7-F668-6183-3000-00000000CA01}32323252C:\Windows\system32\conhost.exe{B81B27B7-A50D-618E-BB42-01000000CA01}4968C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905540Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-11-12 17:31:57.078{B81B27B7-F665-6183-0C00-00000000CA01}7321216C:\Windows\system32\svchost.exe{B81B27B7-F667-6183-2400-00000000CA01}1692C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000055905539Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-