Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F59F0A0D06EF8698F34885FD98C48805,SHA256=6150B6B206F2AA66FD98714BACCB0B475B2CA1D9779F7BEE64D5BD032347F31B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724944Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:31.131{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=03AE0182194055213164FFD3D43E1EE1,SHA256=F8254956DD1CFAAC457BA39D85D24ED89E50C00EA7D0187AC44C2CDD792C13E2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953956Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:32.976{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=89D7828C8D5BAF3911483C902221D8A9,SHA256=C6DF2D906CDAB47EC97B012C594BC1BB23AF8728B3DDD4D590251FAAB234AD9D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953955Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:32.726{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C74247073459D0802FFB9403BEA450AA,SHA256=F8FB6740DB043409886CB78B802E1FD187F8A31E0792B4C750E332A5157BE22A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
354300x800000000000000030724946Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:38.010{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58828-false10.0.1.12-8000- 23542300x800000000000000030724945Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:32.146{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A3D45459BFF9D62846C2F1614C2FA035,SHA256=B79D9CB156507F59B1833B8C4BAE89510CB6B98997DC7879D385823F561FB2A6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953957Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:33.742{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8524E1154D9F9C5C082CFE735C81EBF9,SHA256=F2C1E77CEDBEA1F1124C277DF1824CB18F3E727A500C30E2C8CCEB5C72E94497,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724947Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:33.163{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47913F12BD650627DA9F7964457CB61C,SHA256=1A57798D42F6C97E76C67C19190A6B430AF1CA869F1FDA10843F84274F1A48FF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient 
disk space 23542300x800000000000000047953960Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:34.789{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F6323A3DFBAA7F258EADE74AF563D14B,SHA256=0C03B7FADE10001242B8DD5BC67924522826A7319F193D16787E9E4E6FC65F4B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724948Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:34.196{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2341F21A9EA27A1B161F17C737B3E6A5,SHA256=317875E9863621408CE22F3B8614CF388EAEC879EDC9C62253BBFEE758D5A3A7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047953959Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:29.982{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53742-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047953958Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:34.148{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EBE23204BDA5A3BD244823673C231327,SHA256=CADB26CBE5970478D81F41DC4003C0563BB95A6E2B7E7E3F787EA13F5BB15CBD,IMPHASH=00000000000000000000000000000000falsefalse 
- insufficient disk space 23542300x800000000000000047953962Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:35.792{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20FA928AC330298C4D87993C9E53B705,SHA256=0FFFC7F5E71C13658C96EE0A3340751CDDF0A01AE737965E57431C3C0A7DA130,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724949Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:35.211{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6FD547A4D0418C5E7F48A5AB2E2C7D4,SHA256=D7DEE1D8E254B60DD33FD1117F19135D2E46C16A7BBA4CF2CB6C8D025EBC1435,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953961Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:35.258{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=201F72F28C470BB8615B81BD1C9F5BEF,SHA256=96A74DF89712397BAAF56FAD759172A5C3F9A5A8FA41C9F3C097FBF074E0C8A1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953964Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:36.824{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9175C337773B1BC6A582764B237AF60B,SHA256=5050DD630B1F224E9F8584911CCC95C1D2357C27A8A877E0FCECDCAE3AC5A063,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724950Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:36.227{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C943640314B7A75FD7EB5832D1CD2FE8,SHA256=03DB5143D05BAC3DFD7F752E4046009D91BC926AE0327A547AC4612F3E9BDBE9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953963Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:36.417{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FE6145742B996A7078A7278CFED2EBF9,SHA256=E20648730B0D2DC6AF706B1F12D42E2512DAD2E6023308B52237024BCA7315A1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953966Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:37.839{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C229CD851CD72461F9A619A5A9D515C6,SHA256=7C5FA839DF7B8695DC45030CB0221B8184504D7E28AAEC5084C31F06C32A55F1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
354300x800000000000000030724952Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:43.068{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58829-false10.0.1.12-8000- 23542300x800000000000000030724951Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:37.227{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=972DAC5CEAE8BA577FE9FD588B5C048D,SHA256=25E22642964168D3F5FFEBAC6050A53E9D9A86BA2FDDBAF675641CE43AA0D35D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953965Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:37.496{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A2BA75788554465AF2A57E6882070499,SHA256=45B435190874CA0809BDB46F6A2D79536C0AE76642F7C455305525F882740936,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953968Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:38.949{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CF6A9862EC3BB99CE4B1DE31F6C1C6B2,SHA256=1BE5EE8E0BD55C3C5591AE19B74A386338A79BFEAA68D8D7B76C601D4920DAEE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047953967Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:38.855{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F1EF5FCBC1F6BAA9A6A50DDCB62CF303,SHA256=FBEA40EEA5B9CE854F6C9A1E01A8EDE14BAB6F192EB5A9D435417B684F484E27,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724953Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:38.227{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB762784C7764F198A34F5D2B9FD3DB1,SHA256=CA625DE525657BBBC419FAC471C68731B36E30087A0D35BEB43D3319AB77B525,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953969Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:39.886{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CCA420FEBF280AABF1552E460CB708A2,SHA256=B00AC2F5A3E03A334ED5D3DA5DD51EF7863D63E7A870BFD786B599F560B94253,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724954Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:39.228{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=294E6C451331B1E5F206AA56E83EE397,SHA256=E7C76FC3D7127D5632FC586E502E04EF3FB412809CDF596C68943D5D043E7589,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953972Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:40.903{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5557736F40BC67C57871BE83B6EB6450,SHA256=055B12FCB8329305E48682B614EB16461E7172022383E79C7886C01CA65F0C1C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047953971Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:35.907{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53743-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047953970Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:40.246{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=025AC0E545A84A726371F240F6F70ABC,SHA256=304708BF5F1F61C569AB163A4FAF5CD153A68B15FE0581F80455D0E6E4487A64,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724955Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:40.228{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86AA3A089A1E1C43A31BD0806C4C8405,SHA256=FBFFFA4AC25034E37A4F19B54F29A31DEF43FE768D09C5EB4121CDCC16A740DB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953974Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:41.933{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=183157ED102B692718A8241D03C2F80F,SHA256=5419C18D5868ECC163B70431D0E977D07EC8D6D52ABAFC322D6FE297F39E63D4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724956Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:41.263{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDC678165727EE3123316DF8AEB954CB,SHA256=A2CDF09E85B8E567539D1BF2BF3A7761393921E8BFA5A3A81EC4CCB61879CC89,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953973Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:41.277{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=99FDF93217BF04407ED6FD8D44454445,SHA256=E9D4DD446EF365C611E9A0B687AA99EBE191F062417BF03955B0D55068E7E81A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047953976Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:42.980{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=474346607FBBF784DF510BABB3627673,SHA256=E304695F0BEE54EEB9F5974C773B65E64B7E13BDADE6C03F45112E414DE32691,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724957Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:42.266{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC52D8DCA463E8F3ECB02AAE8107D41C,SHA256=C2537187B879977A2387456FDEDEC04A41DE789723A50AD63F36F52BF36739C9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953975Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:42.527{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1C4891DA416256C6E0F0244D09046844,SHA256=9BC14EE065E2B245E1DDCD7DE1E9D13CE7296A5B0D001E5960095155A85C4EED,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030724959Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:49.044{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58830-false10.0.1.12-8000- 
23542300x800000000000000030724958Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:43.287{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B111390036E5AD7C5E6439CD0A672CAD,SHA256=B3AA7C2ADF541F515DAA6604A8669405EB1D03D317FB7B1BE466C6825C0CF265,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000047954033Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.917{3BF36828-635F-6125-45F4-00000000CA01}19684896C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047954032Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.902{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 
734700x800000000000000047954031Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.902{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000047954030Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.730{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000047954029Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.730{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000047954028Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.730{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic 
Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000047954027Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.730{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000047954026Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.730{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000047954025Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.730{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000047954134Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000047954133Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000047954132Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 
734700x800000000000000047954131Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000047954130Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000047954129Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000047954128Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program 
Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000047954127Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000047954126Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000047954125Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 
734700x800000000000000047954124Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000047954123Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047954122Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000047954121Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x800000000000000047954120Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000047954119Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000047954118Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x800000000000000047954117Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x800000000000000047954116Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000047954115Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000047954114Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft 
Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x800000000000000047954113Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000047954112Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000047954111Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 
10341000x800000000000000047954110Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-402D-611D-3A00-00000000CA01}36083628C:\Windows\system32\conhost.exe{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047954109Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000047954108Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000047954107Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® 
Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000047954106Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954105Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:44.964{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954104Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047954103Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 10341000x800000000000000047954102Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954101Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:44.964{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954100Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954099Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:44.964{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954098Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954097Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:44.964{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954096Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-4019-611D-0500-00000000CA01}408424C:\Windows\system32\csrss.exe{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000047954095Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.964{3BF36828-402C-611D-3000-00000000CA01}22204860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000047954094Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.955{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-4019-611D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000047954093Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.949{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=439B20FD1C022DF9ECA7750A751D88A3,SHA256=1BDECDC37D41A2706030AD3F16EB70B456EF6D01B2728266DBAB48734FB5FF7F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=113E10682D19601DD5BCE9EA8D0D4571,SHA256=517E2417935607F8029163DB010E2D906F5BE758CA909A3BEB936DCFD4279D82,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954215Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.933{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88A3E45ED5A42718CA21EE3372C42CD4,SHA256=CA465A0375A1AE624C5C8F60F8E9668F6A7A6096DA01A14AB6D1CA2CADE704CD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047954214Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.824{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 23542300x800000000000000030724961Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:45.318{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16E1BF8A557E5405D863148AD29C74BC,SHA256=0055AB1A7065B0FB2BAAD6EE207EEEB29D87BF7624DA610A8204849BC2E91739,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
10341000x800000000000000047954213Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.824{3BF36828-6361-6125-48F4-00000000CA01}55642504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047954212Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.824{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000047954211Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.808{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 
734700x800000000000000047954210Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.668{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000047954209Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.668{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000047954208Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.668{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000047954207Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000047954206Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000047954205Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000047954204Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000047954203Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000047954202Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000047954201Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 
734700x800000000000000047954200Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000047954199Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000047954198Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000047954197Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 
(rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047954196Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000047954195Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000047954194Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 
734700x800000000000000047954193Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000047954192Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000047954191Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000047954190Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 
(rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000047954189Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000047954188Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000047954187Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000047954186Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000047954185Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000047954184Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000047954183Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 
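The records in this excerpt lost their XML tags, so adjacent fields (ProcessId and Image, SourceProcessId and SourceThreadId, TargetImage and GrantedAccess) run together. The script below is an added example, not part of the log and not Sysmon's or Splunk's code: it recovers the field boundaries from the known Sysmon field order for Event ID 7, 10 and 23, splits the concatenated SourceProcessId+SourceThreadId digit run only where another record fixes the ProcessId for the same GUID, and then runs one detection over the Event ID 10 records: a sensitive target (lsass.exe, sysmon.exe, sysmon64.exe) opened with rights beyond query and SYNCHRONIZE. The svchost.exe to sysmon64.exe accesses above use 0x1400 (PROCESS_QUERY_INFORMATION | PROCESS_QUERY_LIMITED_INFORMATION) and are therefore not flagged. Assumptions: RuleName is "-" as it is throughout the excerpt; the PROCESS_* bit values are from winnt.h; SAMPLE records are copied from this excerpt except the two marked CONSTRUCTED, which are invented to exercise the detection path (the path C:\Users\Public\dumper.exe and the record IDs 9999000x are hypothetical).

```python
"""Added example, not part of the log excerpt and not Sysmon's or Splunk's code.
Recovers field boundaries from Sysmon records whose XML tags were stripped (so
adjacent fields ran together), then flags ProcessAccess (Event ID 10) records
that open a sensitive process with more than query rights.  Records in SAMPLE
are copied from the excerpt except the two marked CONSTRUCTED."""
import re

# <System>: EventID Version Level Task(=EventID) Opcode Keywords EventRecordID Channel
# Computer, then <EventData>: RuleName (assumed "-", as throughout the excerpt) and UtcTime.
HEADER = re.compile(
    r"^(?P<eid>\d{1,2})(?P<ver>\d)(?P<lvl>\d)(?P=eid)(?P<op>\d)(?P<kw>0x[0-9a-f]{16})"
    r"(?P<rec>\d+)Microsoft-Windows-Sysmon/Operational(?P<host>[\w.-]+?)-"
    r"(?P<utc>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})(?P<body>.*)$", re.S)
GUID = r"\{(?P<%s>[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12})\}"
PATH = r"[A-Za-z]:\\.+?"
HASHES = r"MD5=(?P<md5>[0-9A-F]{32}),SHA256=(?P<sha256>[0-9A-F]{64}),IMPHASH=(?P<imphash>[0-9A-F]{32})"
BODY = {  # per-event-type field order from the Sysmon schema
    # 7 ImageLoad: ProcessGuid ProcessId Image ImageLoaded <version strings> Hashes Signed Signature SignatureStatus
    7: re.compile(GUID % "guid" + r"(?P<pid>\d+)(?P<image>" + PATH + r"\.(?:exe|dll))(?P<loaded>" + PATH
                  + r"\.(?:dll|exe|sys))(?P<verinfo>.*?)" + HASHES
                  + r"(?P<signed>true|false)(?P<signature>.*?)(?P<status>Valid|Invalid|Unavailable)$"),
    # 10 ProcessAccess: SourceProcessGUID SourceProcessId+SourceThreadId SourceImage TargetProcessGUID
    #    TargetProcessId TargetImage GrantedAccess CallTrace
    10: re.compile(GUID % "guid" + r"(?P<pidtid>\d+)(?P<image>.+?)" + GUID % "tguid"
                   + r"(?P<tpid>\d+)(?P<timage>.+?)(?P<access>0x[0-9a-f]+?)(?P<trace>[A-Za-z]:\\.*)$"),
    # 23 FileDelete: ProcessGuid ProcessId User Image TargetFilename Hashes IsExecutable Archived
    23: re.compile(GUID % "guid" + r"(?P<pid>\d+)(?P<user>.+?)(?P<image>" + PATH + r"\.exe)(?P<target>"
                   + PATH + r")" + HASHES + r"(?P<isexec>true|false)(?P<archived>.*)$"),
}

def parse_record(raw):
    """One flattened record -> dict; event types without a BODY pattern keep the body raw."""
    m = HEADER.match(raw.strip())
    if not m:
        raise ValueError("not a flattened Sysmon record: %r" % raw[:40])
    ev = {"event_id": int(m["eid"]), "record_id": int(m["rec"]), "computer": m["host"], "utc": m["utc"]}
    b = BODY[ev["event_id"]].match(m["body"]) if ev["event_id"] in BODY else None
    ev.update(b.groupdict() if b else {"body": m["body"]})
    return ev

def resolve_pids(events):
    """SourceProcessId and SourceThreadId were concatenated (e.g. '55642504').  Learn
    ProcessGuid -> ProcessId from records where the PID is followed by a path and use
    it to split the run; leave both None when the GUID never appears unambiguously."""
    known = {}
    for e in events:
        if "pid" in e:
            known[e["guid"]] = e["pid"]
        if "tpid" in e:
            known[e["tguid"]] = e["tpid"]
    for e in events:
        if "pidtid" in e:
            pid, run = known.get(e["guid"]), e["pidtid"]
            split = pid is not None and run.startswith(pid) and len(run) > len(pid)
            e["spid"], e["stid"] = (int(pid), int(run[len(pid):])) if split else (None, None)
    return events

# PROCESS_* access rights from winnt.h; 0x1fffff is PROCESS_ALL_ACCESS.
ACCESS_BITS = {0x1: "TERMINATE", 0x2: "CREATE_THREAD", 0x8: "VM_OPERATION", 0x10: "VM_READ",
               0x20: "VM_WRITE", 0x40: "DUP_HANDLE", 0x80: "CREATE_PROCESS", 0x100: "SET_QUOTA",
               0x200: "SET_INFORMATION", 0x400: "QUERY_INFORMATION", 0x800: "SUSPEND_RESUME",
               0x1000: "QUERY_LIMITED_INFORMATION", 0x2000: "SET_LIMITED_INFORMATION",
               0x100000: "SYNCHRONIZE"}
BENIGN_MASK = 0x400 | 0x1000 | 0x100000   # query rights + SYNCHRONIZE: what a status poll needs
SENSITIVE = {"lsass.exe", "sysmon.exe", "sysmon64.exe"}

def decode_access(mask):
    return [name for bit, name in ACCESS_BITS.items() if mask & bit]

def suspicious_access(events):
    """Event 10 records where a SENSITIVE target is opened with rights outside BENIGN_MASK."""
    hits = []
    for e in events:
        if "timage" in e:
            target = e["timage"].rsplit("\\", 1)[-1].lower()
            mask = int(e["access"], 16)
            if target in SENSITIVE and mask & ~BENIGN_MASK:
                hits.append((e["record_id"], e["image"], target, decode_access(mask)))
    return hits

def analyze(records):
    return resolve_pids([parse_record(r) for r in records])

SAMPLE = [
    # copied from the excerpt: Event 10, 10, 7 and 23
    r"10341000x800000000000000047954213Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.824{3BF36828-6361-6125-48F4-00000000CA01}55642504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781",
    r"10341000x800000000000000047954175Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-402D-611D-3A00-00000000CA01}36083628C:\Windows\system32\conhost.exe{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781",
    r"734700x800000000000000047954214Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.824{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid",
    r"23542300x800000000000000047954034Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.199{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53A01A98B1E4200B0712BE7D8E9D8E68,SHA256=F5F5606DD95BD51EE123CA3F74C7935821F08F6070BDD1D089CC23718B1FA253,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space",
    # CONSTRUCTED: a hypothetical dumper.exe opening lsass.exe with VM_READ|QUERY_LIMITED_INFORMATION (0x1010)
    r"10341000x800000000000000099990001Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:01.000{3BF36828-AAAA-611D-0100-00000000CA01}41001234C:\Users\Public\dumper.exe{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\System32\lsass.exe0x1010C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Users\Public\dumper.exe+1a2b3",
    # CONSTRUCTED: the benign pattern seen in the excerpt, svchost.exe querying sysmon64.exe with 0x1400
    r"10341000x800000000000000099990002Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:02.000{3BF36828-AAAA-611D-0200-00000000CA01}9001000C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\lsm.dll+e9d6",
]

if __name__ == "__main__":
    evs = analyze(SAMPLE)
    for e in evs:
        print(e["event_id"], e["record_id"], e.get("spid"), e.get("stid"), e.get("access", ""))
    for hit in suspicious_access(evs):
        print("ALERT", *hit)
```

Only the lsass.exe record is reported; the conhost.exe open of splunk-powershell.exe with 0x1fffff is not, because the target is not in the sensitive set, and the 0x1400 query of sysmon64.exe falls entirely inside BENIGN_MASK. The PID/TID split succeeds for splunk-powershell.exe (5564 is fixed by its Event ID 7 records) and is left as None for conhost.exe, whose GUID appears nowhere else; a real deployment would feed the map from the full Event ID 1 stream instead.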
EventID=7 EventRecordID=47954182 Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; ProcessGuid={3BF36828-6361-6125-48F4-00000000CA01} ; ProcessId=5564 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe ; ImageLoaded=C:\Windows\System32\sechost.dll ; FileVersion=10.0.14393.3808 (rs1_release.200707-2105) ; Description=Host for SCM/SDDL/LSA Lookup APIs ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=sechost.dll ; Hashes=MD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 EventRecordID=47954181 Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; ProcessGuid={3BF36828-6361-6125-48F4-00000000CA01} ; ProcessId=5564 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe ; ImageLoaded=C:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll ; FileVersion=1.0.2t ; Description=OpenSSL Shared Library ; Product=The OpenSSL Toolkit ; Company=The OpenSSL Project, http://www.openssl.org/ ; OriginalFileName=ssleay32.dll ; Hashes=MD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63 ; Signed=true ; Signature=Splunk, Inc. ; SignatureStatus=Valid

EventID=7 EventRecordID=47954180 Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; ProcessGuid={3BF36828-6361-6125-48F4-00000000CA01} ; ProcessId=5564 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe ; ImageLoaded=C:\Windows\System32\msvcrt.dll ; FileVersion=7.0.14393.2457 (rs1_release_inmarket.180822-1743) ; Description=Windows NT CRT DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=msvcrt.dll ; Hashes=MD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAF ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 EventRecordID=47954179 Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; ProcessGuid={3BF36828-6361-6125-48F4-00000000CA01} ; ProcessId=5564 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe ; ImageLoaded=C:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll ; FileVersion=2.9.9 ; Description=libxml2 library ; Product=libxml2 ; Company=- ; OriginalFileName=libxml2.dll ; Hashes=MD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20 ; Signed=true ; Signature=Splunk, Inc. ; SignatureStatus=Valid

EventID=7 EventRecordID=47954178 Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; ProcessGuid={3BF36828-6361-6125-48F4-00000000CA01} ; ProcessId=5564 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe ; ImageLoaded=C:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll ; FileVersion=- ; Description=- ; Product=- ; Company=- ; OriginalFileName=- ; Hashes=MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212EC ; Signed=true ; Signature=Splunk, Inc. ; SignatureStatus=Valid

EventID=7 EventRecordID=47954177 Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; ProcessGuid={3BF36828-6361-6125-48F4-00000000CA01} ; ProcessId=5564 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe ; ImageLoaded=C:\Windows\System32\activeds.dll ; FileVersion=10.0.14393.4169 (rs1_release.210107-1130) ; Description=ADs Router Layer DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=ADs ; Hashes=MD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBB ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 EventRecordID=47954176 Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; ProcessGuid={3BF36828-6361-6125-48F4-00000000CA01} ; ProcessId=5564 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe ; ImageLoaded=C:\Windows\System32\advapi32.dll ; FileVersion=10.0.14393.2969 (rs1_release.190503-1820) ; Description=Advanced Windows 32 Base API ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=advapi32.dll ; Hashes=MD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBC ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=10 EventRecordID=47954175 Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; SourceProcessGUID={3BF36828-402D-611D-3A00-00000000CA01} ; SourceProcessId+SourceThreadId=36083628 ; SourceImage=C:\Windows\system32\conhost.exe ; TargetProcessGUID={3BF36828-6361-6125-48F4-00000000CA01} ; TargetProcessId=5564 ; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe ; GrantedAccess=0x1fffff ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=7 EventRecordID=47954174 Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; ProcessGuid={3BF36828-6361-6125-48F4-00000000CA01} ; ProcessId=5564 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe ; ImageLoaded=C:\Windows\System32\KernelBase.dll ; FileVersion=10.0.14393.4350 (rs1_release.210407-2154) ; Description=Windows NT BASE API Client DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=Kernelbase.dll ; Hashes=MD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 EventRecordID=47954173 Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; ProcessGuid={3BF36828-6361-6125-48F4-00000000CA01} ; ProcessId=5564 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe ; ImageLoaded=C:\Windows\System32\kernel32.dll ; FileVersion=10.0.14393.4350 (rs1_release.210407-2154) ; Description=Windows NT BASE API Client DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=kernel32 ; Hashes=MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 EventRecordID=47954172 Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; ProcessGuid={3BF36828-6361-6125-48F4-00000000CA01} ; ProcessId=5564 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe ; ImageLoaded=C:\Windows\System32\ntdll.dll ; FileVersion=10.0.14393.4350 (rs1_release.210407-2154) ; Description=NT Layer DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=ntdll.dll ; Hashes=MD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=10 EventRecordID=47954171 Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; SourceProcessGUID={3BF36828-401B-611D-0C00-00000000CA01} ; SourceProcessId+SourceThreadId=8362216 ; SourceImage=C:\Windows\system32\svchost.exe ; TargetProcessGUID={3BF36828-402C-611D-2B00-00000000CA01} ; TargetProcessId=3012 ; TargetImage=C:\Windows\sysmon64.exe ; GrantedAccess=0x1400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=7 EventRecordID=47954170 Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; ProcessGuid={3BF36828-6361-6125-48F4-00000000CA01} ; ProcessId=5564 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe ; ImageLoaded=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe ; FileVersion=- ; Description=- ; Product=- ; Company=- ; OriginalFileName=- ; Hashes=MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C ; Signed=true ; Signature=Splunk, Inc. ; SignatureStatus=Valid

EventID=10 EventRecordID=47954169 Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; SourceProcessGUID={3BF36828-401B-611D-0C00-00000000CA01} ; SourceProcessId+SourceThreadId=8362216 ; SourceImage=C:\Windows\system32\svchost.exe ; TargetProcessGUID={3BF36828-402C-611D-2B00-00000000CA01} ; TargetProcessId=3012 ; TargetImage=C:\Windows\sysmon64.exe ; GrantedAccess=0x1400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 EventRecordID=47954168 Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; SourceProcessGUID={3BF36828-401B-611D-0C00-00000000CA01} ; SourceProcessId+SourceThreadId=8362216 ; SourceImage=C:\Windows\system32\svchost.exe ; TargetProcessGUID={3BF36828-402C-611D-2B00-00000000CA01} ; TargetProcessId=3012 ; TargetImage=C:\Windows\sysmon64.exe ; GrantedAccess=0x1400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 EventRecordID=47954167 Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; SourceProcessGUID={3BF36828-401B-611D-0C00-00000000CA01} ; SourceProcessId+SourceThreadId=8362216 ; SourceImage=C:\Windows\system32\svchost.exe ; TargetProcessGUID={3BF36828-402C-611D-2B00-00000000CA01} ; TargetProcessId=3012 ; TargetImage=C:\Windows\sysmon64.exe ; GrantedAccess=0x1400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 EventRecordID=47954166 Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; SourceProcessGUID={3BF36828-401B-611D-0C00-00000000CA01} ; SourceProcessId+SourceThreadId=8362216 ; SourceImage=C:\Windows\system32\svchost.exe ; TargetProcessGUID={3BF36828-402C-611D-2B00-00000000CA01} ; TargetProcessId=3012 ; TargetImage=C:\Windows\sysmon64.exe ; GrantedAccess=0x1400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 EventRecordID=47954165 Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; SourceProcessGUID={3BF36828-401B-611D-0C00-00000000CA01} ; SourceProcessId+SourceThreadId=8362216 ; SourceImage=C:\Windows\system32\svchost.exe ; TargetProcessGUID={3BF36828-402C-611D-2B00-00000000CA01} ; TargetProcessId=3012 ; TargetImage=C:\Windows\sysmon64.exe ; GrantedAccess=0x1400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 EventRecordID=47954164 Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; SourceProcessGUID={3BF36828-401B-611D-0C00-00000000CA01} ; SourceProcessId+SourceThreadId=8362216 ; SourceImage=C:\Windows\system32\svchost.exe ; TargetProcessGUID={3BF36828-402C-611D-2B00-00000000CA01} ; TargetProcessId=3012 ; TargetImage=C:\Windows\sysmon64.exe ; GrantedAccess=0x1400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 EventRecordID=47954163 Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 
21:23:45.652{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954162Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954161Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:45.652{3BF36828-4019-611D-0500-00000000CA01}408424C:\Windows\system32\csrss.exe{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000047954160Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.636{3BF36828-402C-611D-3000-00000000CA01}22204860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000047954159Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.637{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" 
--ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-4019-611D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000047954158Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:41.894{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53744-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047954157Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.246{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2E8798EB4B0DFA0EAD56DE7C487C38FF,SHA256=0B43BE541695A83BA6B5743A62A217B056D572DD866632055CD3BC09EC9C32E1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954156Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.246{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C15F41D09E3D32A462D1B0C42FCAD874,SHA256=5BC8B54DDA7861A25C75A26FA125ADB3372786FB7801215369D2817D6ED364EE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047954155Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:45.152{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000047954154Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.152{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000047954153Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.152{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000047954152Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.136{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4E69369FD59477F681B9823A34580245,SHA256=CAAFACBFE2616798109660C7776C6E918A3104A3C83A7FA7E11E0E80638AC4B3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954151Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.043{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=43176EB232DC0FBA0DF65DDAC92B5213,SHA256=ACE95991A56012577946C7AB6127888EB60A6726733105CA74068A9B5407CA17,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724962Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:46.348{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=622B38AA3C1BD8C87B7C34F151C7453E,SHA256=07AC7CD2F7996AD4B1994513F319E432E1FE94201DB7B69FAC1C7CAD85308D62,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047954273Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.496{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 
734700x800000000000000047954272Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.496{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000047954271Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.496{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000047954270Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.355{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000047954269Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.355{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 
(rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000047954268Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.355{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000047954267Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.355{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000047954266Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.355{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000047954265Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.355{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000047954264Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.355{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000047954263Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 
734700x800000000000000047954262Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000047954261Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000047954260Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000047954259Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program 
Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000047954258Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000047954257Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000047954256Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft 
Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018trueMicrosoft WindowsValid 734700x800000000000000047954255Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000047954254Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000047954253Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000047954252Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000047954251Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000047954250Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000047954249Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 
734700x800000000000000047954248Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000047954247Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000047954246Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000047954245Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program 
Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000047954244Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000047954243Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000047954242Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 
734700x800000000000000047954241Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000047954240Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000047954239Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x800000000000000047954238Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 
(rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000047954237Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000047954236Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047954235Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 
10341000x800000000000000047954234Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-402D-611D-3A00-00000000CA01}36083628C:\Windows\system32\conhost.exe{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047954233Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000047954232Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000047954231Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT 
Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000047954230Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954229Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:46.339{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047954228Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x800000000000000047954227Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:46.339{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954226Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954225Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:46.339{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954224Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954223Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:46.339{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954222Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954221Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:46.339{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954220Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-4019-611D-0500-00000000CA01}408528C:\Windows\system32\csrss.exe{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000047954219Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-402C-611D-3000-00000000CA01}22204860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000047954218Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.325{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-4019-611D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000047954217Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.324{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C359F0CD7A239FA9F24A9B768232D254,SHA256=9FD262A49A935657123BFA6CACD6D0C39A3AD300475139EC31A217AF578393B2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047954395Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.918{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E53FE81C33DC2CE356CA8CA9BECFCE78,SHA256=950F41E905EA1ECF81B5E880DB33B4D3EF8FE69FBD3E521B38A7B970DA05C285,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954394Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.855{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F74F2F2FA4198C36EBB60B335CFE8264,SHA256=D956A642DDA2454F5B594B9F1541376A859C0041098107F478272F22BA0BF02A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047954393Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.808{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000047954392Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.808{3BF36828-6363-6125-4BF4-00000000CA01}60644388C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047954391Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.808{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 23542300x800000000000000030724963Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:47.349{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AAA1C8338BFD35CF0FF03091B0D3E38F,SHA256=D1E989855922BB6EBAA87C188216912223A1B8FAAD64BDCB8C10FE04B1F6842F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047954390Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.808{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® 
Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000047954389Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.761{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E3D4811D3E8A6270EFFAF5C04F920C12,SHA256=8B05C0F22C42FFEF52FFC4741CF6CDA0C2AB71E4CA876D4AC96C3EFFCAA61691,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954388Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.668{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3FEFE4DEABF4897A85ACC4DFE5626A6C,SHA256=24D71638CA0F6488D73871B4DB1000DF58A050B8A35F24FC908C209F78383DBA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047954387Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.621{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000047954386Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:47.621{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000047954385Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.621{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000047954384Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.621{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000047954383Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.621{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft 
Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000047954382Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.621{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000047954381Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.621{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000047954380Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.621{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000047954379Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:47.621{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000047954378Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.621{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000047954377Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.621{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000047954376Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating 
CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000047954310Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000047954309Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000047954308Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047954307Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:47.027{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000047954306Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000047954305Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000047954304Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program 
Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000047954303Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000047954302Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000047954301Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000047954300Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:47.027{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000047954299Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000047954298Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000047954297Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft 
Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000047954296Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000047954295Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000047954294Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000047954293Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000047954292Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000047954291Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x800000000000000047954290Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-402D-611D-3A00-00000000CA01}36083628C:\Windows\system32\conhost.exe{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 
734700x800000000000000047954289Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000047954288Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000047954287Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000047954286Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:47.027{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954285Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047954284Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000047954283Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954282Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:47.027{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954281Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954280Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:47.027{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954279Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954278Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:47.027{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954277Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954276Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:47.027{3BF36828-4019-611D-0500-00000000CA01}408424C:\Windows\system32\csrss.exe{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000047954275Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.027{3BF36828-402C-611D-3000-00000000CA01}22204860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000047954274Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.012{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{3BF36828-4019-611D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000030724965Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:54.155{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58831-false10.0.1.12-8000- 23542300x800000000000000030724964Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:48.351{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=42049CF429787CA028FC6F1253C7E0E2,SHA256=46E1CC73F9A790A5F2186277DE150E879D6590950843EF1EA601F51BDACD5F9B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954397Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:48.574{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=812F72120DF912BC25448585D20D18DE,SHA256=EAC41931184C1F2566D082CC0618B636E7652F404661414D9FDA3D82D2DCDA49,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954396Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
insufficient disk space 23542300x800000000000000047954439Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:03.879{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E54D267BCA5D0E2BAD1D0BB097915679,SHA256=960AFC06AA97654446AD3B6F6B08BFFBA7855A8ACB7E6ABD59CB12CBEA73B07D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954438Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:03.066{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=02B88914DC04C59E5A8924C8ECF9B06D,SHA256=5B59F8CF05698E8BDA98A38FBA4EAC06AAA16F121510175F9C51DCF0C69B3452,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725003Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:04.852{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=96BE8E4F0127D62A515CE1ABC0B39E1E,SHA256=6095E09C36195E153FECC95B6CEEB10BD17DFB4FA5749818C54E02C2FE499A00,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725002Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:04.852{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8367D34B135919B047E262D8E431ECCB,SHA256=D86126728D755A06B3EB77BCE7C8651C9A09FC998C031417BD9F91F969A292BB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000030725001Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:04.690{B81B27B7-6374-6125-5900-01000000C801}60804132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000030725000Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:04.690{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30C24CE00813197835AC3943CC2B29F8,SHA256=A5D3945C95A9CC4DD4E88B9F6D09C512FDB38E52B9A586AEEFD0ACF2D73A50F5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954440Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:04.082{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA1587CCF779A1D46968732F5CDFFEB1,SHA256=2053C5F982CD9AA0696A7252A8C0A3542A165572391D1FDA40B11BCCBCA2125F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000030724999Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:04.553{B81B27B7-4014-611D-3000-00000000C801}31443164C:\Windows\system32\conhost.exe{B81B27B7-6374-6125-5900-01000000C801}6080C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030724998Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:04.553{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030724997Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:24:04.553{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030724996Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:04.553{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030724995Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:24:04.553{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030724994Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:04.553{B81B27B7-4012-611D-0500-00000000C801}420436C:\Windows\system32\csrss.exe{B81B27B7-6374-6125-5900-01000000C801}6080C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030724993Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:04.553{B81B27B7-4013-611D-2700-00000000C801}20763760C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-6374-6125-5900-01000000C801}6080C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030724992Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:04.538{B81B27B7-6374-6125-5900-01000000C801}6080C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-4012-611D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030725004Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:05.736{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2F1DB516D62A6C9BBF95D1C433E4AE9,SHA256=CB36ADFAE6F79724A8AB67887BBD8803803AAAACA216F3286A818FD16013EC40,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
354300x800000000000000047954444Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:01.790{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local53748-true0:0:0:0:0:0:0:1win-dc-128.attackrange.local389ldap 354300x800000000000000047954443Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:01.790{3BF36828-402C-611D-2900-00000000CA01}2928C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local53748-true0:0:0:0:0:0:0:1win-dc-128.attackrange.local389ldap 23542300x800000000000000047954442Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:05.175{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BBA203C1E2967438CAF0E396A5A6627A,SHA256=FF075B3EFF5448B615783CD18DA9F309EB0B621D087955EB99D6209D30D6ED57,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954441Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:05.097{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=365CD745D3BCC82F14B970AD9707E7BA,SHA256=51643F2018EB2192BF1DB2ED0A9432A56F9AE62101E2EC9B5D894A41E81B6D42,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725006Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:06.751{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB974D057753DD32DC409BB4E398642F,SHA256=B692A540058412453E8548A2F4BD7C0FB3F21A983F7AF8B94D43BBE18F2D4164,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047954447Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:03.071{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53749-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047954446Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:06.472{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6C11691E043BFBF204026D04FC206CFF,SHA256=C73CA67BE721B88D9A810916F1730F4EACDF538FB81CEC2C0AAAB141C9539F88,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954445Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:06.144{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C0D146B6C38B4637D07D51DE79A7BCD4,SHA256=7774FE48ACB9927903740E3C09757680A3AA836FF4038A6F02AF9813BA9B158B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725005Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:11.132{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program 
Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58834-false10.0.1.12-8000- 23542300x800000000000000030725007Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:07.769{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=42C7AE0E1E8BC9405F91859522A3AB2C,SHA256=0043C201730BC3F31E8E0F2FAAF00FF908519B00953B27F8C3E2F95723BC2A7C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954449Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:07.800{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5195FF4D0FD6045814355720D6C7AF16,SHA256=E26DE60977F9A9AEDBE961587F9B05B113D90B0D340EDA6A40CCB57DD3919200,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954448Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:07.175{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0E889F36769FB00E5F351739E9540D9,SHA256=BC6A6D3E1EDBBBDB18EB069B1E2BFCE9592A246886653E9F14CAAE67AEDA92FA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725008Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:08.817{B81B27B7-4024-611D-7300-00000000C801}2188NT 
AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F0553D591DE6DC8DB346E01667B8E92,SHA256=D7A3C79823257DA54D6A500A07D3D0A685ED1262D35A75BAC3F6D20D2A704681,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954461Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:08.878{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1829760AFA68F76738B379CF4D9B9A5F,SHA256=DF36A28DDCD2C0962B2648B3229C9B85E2A837CF994177A396F1B953B4E07263,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 13241300x800000000000000047954460Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-08-24 21:24:08.503{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000047954459Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-08-24 21:24:08.503{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x1fca3326) 13241300x800000000000000047954458Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-08-24 21:24:08.503{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d79925-0xfdc60f75) 13241300x800000000000000047954457Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-08-24 
21:24:08.503{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7992e-0x5f8a7775) 13241300x800000000000000047954456Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-08-24 21:24:08.503{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d79936-0xc14edf75) 13241300x800000000000000047954455Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-08-24 21:24:08.503{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000047954454Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-08-24 21:24:08.503{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x1fca3326) 13241300x800000000000000047954453Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-08-24 21:24:08.503{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d79925-0xfdc60f75) 13241300x800000000000000047954452Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-08-24 21:24:08.503{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7992e-0x5f8a7775) 13241300x800000000000000047954451Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-08-24 
21:24:08.503{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d79936-0xc14edf75) 23542300x800000000000000047954450Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:08.207{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE78159E93FA29ABF361CDF3F139F803,SHA256=2C3E833626971EED04A2B09835E1FC1E4497F995D5DA37861640998CC8C4E321,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725009Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:09.865{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=885434D8D25760B300EE4729B5978FD0,SHA256=48A81C871C9F65F151B964C93769539E9B29502747243D03C04E147477B9F1A0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954462Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:09.222{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9DA7D83BAE0FD487ADA3D83946CB668,SHA256=EE0527BA8A8FFF63B2A2C54E3BD738841E1F72EA67D6B7BBE98A8B40DDB3787A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725010Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:24:10.964{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AB28430C7B6CF4044BA1E22D92BE3A0,SHA256=7822D13212CC798BA5110B2AD5F5E88D07E12FEBAEE7A8BE22F8D64E63930226,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954464Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:10.394{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F823DBAA96E02147E3408180CD9E4829,SHA256=C094700AB54ADD566F91986840A97C13143FE9273C548B82E5B1126D4E9FDA78,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954463Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:10.238{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21C7796785C54643AC97EE0B1E721DA0,SHA256=F8DBD09EC528A9F27BBC7D5207536C2BECC36850880519AD3B849FAD2990E594,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725011Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:11.983{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=54191361D536991455C2548FBD754BDE,SHA256=AFC16FA80908C81F03EED3D883DE54F912D72178E16BBF16567D622FC4F5CC58,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954467Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:11.519{3BF36828-402C-611D-3000-00000000CA01}2220NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9D45E1BDB6F237A6CF51FFC6A12E6130,SHA256=87EEE278CDF62B2B86AF9CB87BDB04BAFB10272CEA175D83979B0C43158C5AB9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954466Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:11.441{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=32070149A062C26D7E94E30E5B625F96,SHA256=3D03C2BDD07739364B287CA38D53291F4CDF7AC17CFD206306B4515FDCABA77C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954465Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:11.238{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A866F93B3AE956DE3E66A46CA058048,SHA256=559AB2B3ADD27E36348F3332DBE34FC90B758DD98FBA0D2CC9D2A98D6811B6D1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725012Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:24:17.111{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58835-false10.0.1.12-8000- 23542300x800000000000000047954469Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:12.550{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=37BFCA429BAE431206D3571D845E697C,SHA256=A80551BB24BDEAF3BF394CBCF7180057D30998F537D6BBBDECD607B25856DEEA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954468Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:12.285{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=00D648787C5E07C72ADA5857784459E7,SHA256=4DFB4877BB926FEF6A584BC0BFB44703999A92DBF5B09BE179C2FF39F4483C13,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000030725022Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:13.512{B81B27B7-637D-6125-5A00-01000000C801}35083340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725021Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:13.328{B81B27B7-4014-611D-3000-00000000C801}31443164C:\Windows\system32\conhost.exe{B81B27B7-637D-6125-5A00-01000000C801}3508C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725020Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:13.328{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725019Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:24:13.328{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725018Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:13.328{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725017Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:24:13.328{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725016Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:13.328{B81B27B7-4012-611D-0500-00000000C801}420536C:\Windows\system32\csrss.exe{B81B27B7-637D-6125-5A00-01000000C801}3508C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030725015Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:13.328{B81B27B7-4013-611D-2700-00000000C801}20763760C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-637D-6125-5A00-01000000C801}3508C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030725014Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:13.313{B81B27B7-637D-6125-5A00-01000000C801}3508C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-4012-611D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030725013Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:13.062{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B487CA1F36273AD9F484772C69E007C,SHA256=0F9F2BA782E7DE3017E5CCDE25001927F104E19FD8ED51F078114A39CC700DE3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954473Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:13.832{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=06DCC9B469F7FD1A7999F6EE8C385AB3,SHA256=29190E018F7E7E63C6D22BC518299C4349AD99E4B104AF23B940380CB7777FF9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954472Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:13.316{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B961E580B5132A27111F3F4434EB76B,SHA256=140BDBDB39680866DD3BEEBF0191F1DB4E67FEB387F70BA7F5A50171C7B30EE7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047954471Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:09.352{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53751-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8089- 354300x800000000000000047954470Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:08.946{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53750-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047954474Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:14.332{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26DA06B3B52C6BDCB00C6B2D0F8C9B4F,SHA256=5FE68F0C6632C8EBBB288CC3B6FA49C8E23BCA0EE2C3161192F4A170FFA883C3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725033Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:14.395{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=827C662D462F33B3F6EFF1389B581F68,SHA256=042393744E87C8E5A91AB5A1C1B9E5A09DD8AB7BD403E0F44AA6C72D4E598718,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725032Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:14.395{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=96BE8E4F0127D62A515CE1ABC0B39E1E,SHA256=6095E09C36195E153FECC95B6CEEB10BD17DFB4FA5749818C54E02C2FE499A00,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725031Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:14.096{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CBA87E47F065A00F198134497807C3ED,SHA256=52F5F5FCDE3584A51693464C80A2BAFDAE928CBA16229FA8C7F19F7B5CCFD45A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000030725030Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:24:14.027{B81B27B7-4014-611D-3000-00000000C801}31443164C:\Windows\system32\conhost.exe{B81B27B7-637E-6125-5B00-01000000C801}4576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725029Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:14.027{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725028Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:24:14.027{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725027Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:14.027{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725026Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:24:14.027{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725025Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:14.027{B81B27B7-4012-611D-0500-00000000C801}420984C:\Windows\system32\csrss.exe{B81B27B7-637E-6125-5B00-01000000C801}4576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030725024Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:14.027{B81B27B7-4013-611D-2700-00000000C801}20763760C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-637E-6125-5B00-01000000C801}4576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030725023Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:14.012{B81B27B7-637E-6125-5B00-01000000C801}4576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-4012-611D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000047954476Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:15.347{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=301ED026197F0A36492AD9FCE552A22A,SHA256=E01B5735EC5A8F35EE2EA57B19B114082B5DD911DD0A3042F2162E71B8FBACBA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000030725034Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:15.126{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF4A87C06FADD4794DB0FF5845708DA0,SHA256=683C8DF13CDBFB93667CAB28A9B4E07934F7DFEBB8C89574789371E95DACF188,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954475Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:15.222{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1CEEFB4B25E5935BFA04E35E6B095A4C,SHA256=9A53F639FA963AD8563F9EB505BD239FF3194E5EB804CD72C5A66D2B38926286,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954478Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:16.465{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=008435A298B25912BCAC4B1DA8B6F69B,SHA256=914E5E250373AF47CEE23A23EC0DB852B9FDD375BCAA1585DCF279F1077DC6DF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954477Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:16.356{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=266962D53A0780868A19D218788A58B0,SHA256=BF86F3C82EA74E772ED59FD2496B65C6B3B0A1AA3C8585102CF95A1C20B36DC7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725035Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:16.158{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=73D2626DDD87FE6B371E6EDF162C7BBF,SHA256=B7444CDB5CDCD6F76DCB36778C4BF765F6A29F3D1F0270D66AA469DBB9399776,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725037Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:22.183{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58836-false10.0.1.12-8000- 23542300x800000000000000030725036Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:17.177{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F6DB6ED4C647D8BCE440F61E2220C30,SHA256=985844FC856328F4AB71231D0403EF79A10790F29C80AD117B63F53FB2106FE0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954480Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:17.700{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DBA198D127AB101B79B83821BDFF28FB,SHA256=5FA5B4399E2C37479CBE673DD2583AB7D4961E382B1877A04B45667E624CF45E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954479Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:17.356{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=27ED225850BE86F29F31502F5F1B3051,SHA256=585F0EE7CAA86EDC68A3CDEC2CEF5684050CA5808C20C445CC5E4C28210CEAEA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725038Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:18.191{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7DEA80E31712B88418550CAD9201BCD3,SHA256=FECFC1273EBA8BDDCCB5BE273B1D515592346B83DA8303EB176FAFD2A4A6B756,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954483Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:18.872{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A0DE9131C2EB79D098CE31DD730C9CC2,SHA256=7ADF925FB3AAC84D0E2B8C6F0F1DCECBF63E9A6C3AB0D6826F28CC38BAF2432B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047954482Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:18.372{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9619B9F15CED277C5C39D44C89F99F27,SHA256=35C284D0730227F76AE21B1AC7012F312E888C57E73B4F750E40B825889686AC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047954481Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:14.048{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53752-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047954484Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:19.403{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B3D9C2E081DB6CAEDD7E4EF2DA265524,SHA256=DB5A011F8EDD48623B88DA3BFA676BAF5AC0E6150E5A572410263F54680FE5EC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000030725050Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:19.958{B81B27B7-4014-611D-3000-00000000C801}31443164C:\Windows\system32\conhost.exe{B81B27B7-6383-6125-5C00-01000000C801}2464C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725049Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:19.958{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725048Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:24:19.958{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725047Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:19.958{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725046Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:24:19.958{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725045Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:19.958{B81B27B7-4012-611D-0500-00000000C801}420536C:\Windows\system32\csrss.exe{B81B27B7-6383-6125-5C00-01000000C801}2464C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030725044Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:19.958{B81B27B7-4013-611D-2700-00000000C801}20763760C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-6383-6125-5C00-01000000C801}2464C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030725043Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:19.953{B81B27B7-6383-6125-5C00-01000000C801}2464C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-4012-611D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030725042Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:19.454{B81B27B7-5BF5-611D-6D04-00000000C801}5004ATTACKRANGE\REED_SCHMIDTC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\reed_schmidt\AppData\Roaming\Mozilla\Firefox\Profiles\ascrdua7.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000030725041Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:19.453{B81B27B7-5BF5-611D-6D04-00000000C801}5004ATTACKRANGE\REED_SCHMIDTC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\reed_schmidt\AppData\Roaming\Mozilla\Firefox\Profiles\ascrdua7.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=8C0D5B49989CA4193B604DA9D89EF16C,SHA256=89E1B72549A9FE16AE71F144D8F5C570DEF10A746B205BE0A969B3D624490049,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725040Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:19.206{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B71C88CAA9E5B7E328CA6437D18A5C1D,SHA256=9FE51286D86CD30AD9B625935BF22E866E1DB37835529165A7CC8E2459EB3C5B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725039Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:19.174{B81B27B7-4013-611D-2700-00000000C801}2076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9D45E1BDB6F237A6CF51FFC6A12E6130,SHA256=87EEE278CDF62B2B86AF9CB87BDB04BAFB10272CEA175D83979B0C43158C5AB9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954487Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:20.418{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A28301B57037882700D89711188C650,SHA256=D488B7607D81F48D9A3FE7564B1897EE068CEB7309DA9BE19332F412B185F64D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725063Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:20.962{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=066E856AB62B2E607B2256A1DAE78577,SHA256=C353E89C36975E7F3A7EBAF23D8C3A1A93851AD8AE215325BD51D7CCB60EE0F3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725062Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:20.962{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=827C662D462F33B3F6EFF1389B581F68,SHA256=042393744E87C8E5A91AB5A1C1B9E5A09DD8AB7BD403E0F44AA6C72D4E598718,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000030725061Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:20.828{B81B27B7-6384-6125-5D00-01000000C801}40365336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725060Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:20.654{B81B27B7-4014-611D-3000-00000000C801}31443164C:\Windows\system32\conhost.exe{B81B27B7-6384-6125-5D00-01000000C801}4036C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725059Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:20.652{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725058Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:24:20.652{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725057Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:20.652{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725056Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:24:20.652{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725055Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:20.651{B81B27B7-4012-611D-0500-00000000C801}420436C:\Windows\system32\csrss.exe{B81B27B7-6384-6125-5D00-01000000C801}4036C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030725054Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:20.651{B81B27B7-4013-611D-2700-00000000C801}20763760C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-6384-6125-5D00-01000000C801}4036C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030725053Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:20.636{B81B27B7-6384-6125-5D00-01000000C801}4036C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-4012-611D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030725052Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:20.206{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F79FD826816757E4C148E8C0DB91553,SHA256=6070DCB8F7805E468EEF4C4BFA2A3FF9448A54A80AC394F4C4EC49AC63BC6755,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047954486Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:20.403{3BF36828-401B-611D-1200-00000000CA01}760NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=59382F7474B495968D67F3A7B0FA32CF,SHA256=AAEF44FAE30FEF5258317B961262933810E79178C294498A8902BC1F4F772D63,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954485Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:20.090{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=89C43969C04DAC31849222EF47585EED,SHA256=FC2A4D987AAEADFFAFF2F0BAA7BA3463A5F7FC8194158B0A830921C8094B8F7D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000030725051Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:20.153{B81B27B7-6383-6125-5C00-01000000C801}24644316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000047954489Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:21.590{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0B8E7B1D8A4336883A47BE400A3B07A9,SHA256=7412CFFA3C43EAA9D591EBF6CEBCDAA255E64D5274B94AFC30608241C3AC5CCA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954488Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:21.481{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7B2D93E70BFD9806D850395564A42CE,SHA256=5A3C4C763273FD85701F78D71651479D24CA985B7D6BBB3C37085CA71B682B6C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725065Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:26.080{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58837-false10.0.1.12-8089- 23542300x800000000000000030725064Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:21.228{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5492EFF1A5F1A154F90708868938ADA7,SHA256=66D9BCEB47ED27DEE52701EA429BF8A7C810A42D2FABFE7E9B191B67BE6EA176,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725066Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:22.260{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=24D62338D7911D28DE0D649C950DF3FF,SHA256=96E9557A3BE1CB91AB13379BC1E0DC5F4A840EA34D3BCE9521AE4307A468570D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954491Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:22.965{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=33714907BDD924F5593DD605BAD3682F,SHA256=869939341CF6D1946812B69C521529BA47B65D6B4FD4E35F18AD261A1B1350DC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954490Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:22.497{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EAB8AA7C85C0CC1918703D2E2815CF5A,SHA256=92B3406A2376B4A02542B449FE931C409D6174A44F4CA4414E53D08760D556BE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954492Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:23.559{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E70C9A51F89AC646BD217773671EDD84,SHA256=D25C0E46279184E0C68B63AD64B52C07EBDDC3514292F0BB702AE7261B64412D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
354300x800000000000000030725076Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:28.108{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58838-false10.0.1.12-8000- 23542300x800000000000000030725075Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:23.294{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=24A37CCA0525BC05C6B354CEA74FB7E5,SHA256=0C8D9EB3B4C51B52B3230166D0C08373F7178AAEBA12E4FC8990181FAA002C20,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000030725074Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:23.110{B81B27B7-4014-611D-3000-00000000C801}31443164C:\Windows\system32\conhost.exe{B81B27B7-6387-6125-5E00-01000000C801}6912C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725073Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:24:23.110{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725072Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:23.110{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725071Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:24:23.110{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725070Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:23.110{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725069Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:24:23.110{B81B27B7-4012-611D-0500-00000000C801}420536C:\Windows\system32\csrss.exe{B81B27B7-6387-6125-5E00-01000000C801}6912C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030725068Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:23.110{B81B27B7-4013-611D-2700-00000000C801}20763760C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-6387-6125-5E00-01000000C801}6912C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030725067Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:23.095{B81B27B7-6387-6125-5E00-01000000C801}6912C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-4012-611D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000047954495Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:24.575{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F2F3CDDD81BB2F8DEC1735DF5F27D5DB,SHA256=22840CB922141E74BBE6C1C70337EAB1DB40F50B3265C6BFC0FE4CA8A4FE60C0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725078Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:24.309{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE22F9B28E77F1F85AFAE801ADE56ADB,SHA256=7F260631812D00592F1FAA518FBBE0B464FBB67D18165860CF8E88297D6D7CAE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047954494Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:19.939{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53753-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 
23542300x800000000000000047954493Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:24.043{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=22FFB633D4B289A9ECC415874095F9B2,SHA256=3DFAD79999EE3DF6DDA52761AAAE1A752AA53D59E77657D6989EB991EC8CC370,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725077Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:24.109{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=066E856AB62B2E607B2256A1DAE78577,SHA256=C353E89C36975E7F3A7EBAF23D8C3A1A93851AD8AE215325BD51D7CCB60EE0F3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954497Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:25.575{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E297E87C42323C045AECB85AB76AD82E,SHA256=A477E6EDE58837471F0087BB86B61DCA4B1201BB623B06D016A04B974E386A91,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725079Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:25.311{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=986825E38BA1EC03C7146BD4C375B635,SHA256=94A45D88FBDEDB29C9CC35E6F2594173E89A784D0CC34F08E1C43E400A268EE3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954496Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:25.278{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AC544A2DD864FBE825ADE4FDE7E79F6B,SHA256=F535286BE9E2C0E60B8920A46B6CBB0CE6D57028E15A26EF66D0ED8F20066741,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954499Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:26.778{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D4CA6532696737C22DAE9012A2BC65B5,SHA256=D0AEEA37A5181F3A42F606525E887D93FCDB44BBBA402BBF807FAA6AB052C2DF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954498Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:26.590{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ECFFD4B18B83A087C5B708F68012CA89,SHA256=99B2BEDA78D3B5BE9E61709258B428F3B6823391411747F88EFBC8BB7B853F5A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725080Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:24:26.340{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=43149FA9854772B6B1AFA5B027A9B758,SHA256=F48AF05FAB542E42BD686FA4A091384569139C32E1EE516EB99AC1D70483D33F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725081Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:27.357{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=155DADC3C846B0E9B79A82430F73A529,SHA256=181E6677F6235C3E35FF35A5B5F82D69E04CF7129D46D7DAB709FB5E885B2832,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954500Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:27.590{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90C2D982D7FBAAF8E03D180F22C355AC,SHA256=5D17EE89781CD7CA43A0675787F37CAB7B0E1FE88692137B89161CCD6D281173,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954503Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:28.606{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF4CA10AF0AD19024668026DAA15D3EF,SHA256=3035C158A402128E528FBD9BEA36113BE4B6DEA6116DC7472AE274F2BE484454,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725083Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:34.003{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58839-false10.0.1.12-8000- 23542300x800000000000000030725082Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:28.375{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48E775A15ADE7282E5F0618B42FA2259,SHA256=C9F3DEF88E968636FC9987F547D0C78AA7DAE22D29588B97F8AA683D3C4C09B7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047954502Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:25.000{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53754-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047954501Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:28.028{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=71EA4B9DC643F58CE82EE68C505A3E5A,SHA256=C84B1A8F0BB8EF06571F4BA44F3EFCB00A85DAB9B9AE1351E455A0A5380FDAEF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954505Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:29.653{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6184699EE11ABEE0DBFE59FDA75D993,SHA256=39A5B9546F4EED50778F21777F16B30E12E0721DC11482374777AC81685B1232,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725084Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:29.390{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9A54FD084F0E5179D64A5A83D783556,SHA256=4B1A1A5ED48F05FB884664954664F83FBA034691FBFD254A9DA5E63A7E250C31,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954504Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:29.059{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=78697617B2E822B7F3633ECA1C657D17,SHA256=DD82583EC649C6BBFFB47295CEF9156ABE50CA677431E0ED210A8FA0791A25E8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954507Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:30.684{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=246A3B263546D10F33D8AF51B34684AA,SHA256=BCF976E7D8421E5BC01FF2F5C40751B60D4257EAE1F6CAE8CC152D392F21DA43,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725085Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:30.436{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=388C911D5A9A4E06F3E44F22F0659198,SHA256=C4DA46A087EC5C3276EF23213D2D4F7FA7D2B027219EEC50BFDA0F2FBDFE52F6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954506Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:30.528{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D93977B41F40D9B76C0AA2570BA7C55B,SHA256=8A58035466DB5DA7A7BEEC3DA7F3273F98C84D8D4E09F9E1E0B8E29A3A335450,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954509Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:31.684{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9DEE99B2BA65C1AF01501DBCF4C58D53,SHA256=3FF123F1AE5A4800D9ED6BC30FA639CF22D9EE6F877F406D21D8FAB194314A4D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725086Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:31.453{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B11F36AB3F6EC7D86CE9997E31D5D235,SHA256=F2C4A45AAC3C019A5257E2A9565E0381007274187F0DD16C22F2E0EF2837283D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954508Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:31.575{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9FD37091B5940A911AAFFF917E13161A,SHA256=C69C9682E5BAF8B158833A90916ADAB3A175881C89BB278F273FFC278FF1B13C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954511Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:32.965{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=97678D6D510693B774EE7DA6A4C49D87,SHA256=4E816404386027540B036CA1A8EF9941577A08A6F875BE6E6F8DE82907D16624,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954510Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:32.731{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7DB4C8F75B7E530D6F34CC29404992CA,SHA256=585455D9D770F0BBA3A528D9FF9000E7368DDCDA0D9268591E34FAD664D57B52,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725087Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:32.456{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E966168DBFB681463D6E509CA4741C74,SHA256=D5864C28C02967FC3BC78B74B7F69C5015DB28B17FAA9EB7BE0A4FBD194AE92E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725088Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:33.471{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=465E184CEB6449ADFB5B3CA57938DFAB,SHA256=11CF5145829633A85B15F0FF68E6DA2C32A27B13C581E568763642BF38D76D7E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954513Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:33.762{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A34D152C206BF2EA0D271D9222F42D36,SHA256=FAE857759D4928B882105F1EF3205E405166D2534AB9522A176610AF0F2466E1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047954512Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:30.095{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53755-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047954515Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:34.778{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61DD54D7056AA28222AE7AE904A2BC1F,SHA256=69AACED78BDEC82ACC6865568D1F1BB414874BE9B05FEDE391A62BB61F466DAA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725090Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:40.013{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58840-false10.0.1.12-8000- 23542300x800000000000000030725089Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:34.516{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=70A35E8C0BFF2B7B955FCCC60139ABE2,SHA256=BBBC6E0AEF024B3F96AE1E3E2D4752E6E13516A2172F8B4C2673505DA460604C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954514Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:34.090{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=96D6709EECF20FF897690DDF90D44318,SHA256=C926E6EC38AB87BDF927D7934D7D519B3324C6F03690AD6BA943C197DC003985,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954517Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:35.781{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F71945C7A768E89477534C8E891A50F9,SHA256=D776DB9CBA7A3495D38D8455E29E4C9A835D6B7190427696728A900A7730E880,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725091Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:35.530{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B99AEB374E356062B4D2DCF99EBB572,SHA256=F8C6895C5012C1393A67395DBC76B01880046ACB12C54447FF9C18651B37E6F6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047954516Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:35.184{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8F2C9033B5B936FB247E1BB985AE4540,SHA256=27BD8BC1DAD2656995A304B2B2CEFBB567E0309F565FE7DEA46C129E2AD5E9D5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954519Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:36.813{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7AA1495AD8525693552AE4106565AC0B,SHA256=DFCCBAC46709CC68C62802A31B1F43B91D83A3A281FBD57B7626C4EE9F1350CF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725092Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:36.551{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B49E1C16A090AD42E635358051A83E6,SHA256=8610E36B873C015827973DBD1D05C2413E9C5D9F19E72DE0CD25CA438B3D2173,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954518Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:36.438{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=893377136B202F07E475BB90CAB0A3CF,SHA256=0479D06CF34A048AB6ED7825774CA9ED612D35E115D1348D44DED8B48164ECD2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954521Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:37.813{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11C101824B502ECA9D4A69443A46FAAF,SHA256=40AA43747CD117D082795484B4152F31B375B7276CEA146DA648BB1200E0DF57,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725093Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:37.581{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FED09077D0215C4BAB04A284B36ED961,SHA256=8AD456C8839FC59D6EF3016EA76DD00461CBB9F9162DA1AE5CF75D96B9238CAF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954520Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:37.703{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=89467F2E0F0AAF1DE4F8EAFC3CE36181,SHA256=BF69492056EBBACAD0F954D2AF3344B088ABFF8CD6F33C250695D78D77AA755A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954523Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:38.828{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7C28609A059BBD34B00696F184819D8,SHA256=980ADC39A92814F73CCDAA8A2F8D641D8680FDC6F7D952539B544F1F5D754B58,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725094Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:38.612{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=92281B80C7E4C047D601054373B51D93,SHA256=6BCCCF0E0D922B32627F4A2A323C0A0F47F1B1852A8D2530233D96019576D118,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954522Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:38.797{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1CCF47C59C802C608BCCAE81540CBC8A,SHA256=DA0B3A31B87F1DF977E3204866E6E65779D87BEE8E6093A289255EA031E79A5B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954525Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:39.953{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1CF81F54794442C51EB6F704970F059,SHA256=A5FC658C4B9853BEE4B57D001BAED49A050511D5A9EE607F853798E911526178,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725097Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:39.648{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=15382D2C793717281E0D1DEA86A4980D,SHA256=C0209F0B7A3098045978509C2BED28A7E9EBBE50D101E0D6855F90278C8BBA3E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047954524Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:36.037{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53756-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 354300x800000000000000030725096Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:45.092{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58841-false10.0.1.12-8000- 13241300x800000000000000030725095Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-SetValue2021-08-24 21:24:39.165{B81B27B7-4012-611D-1000-00000000C801}976C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7992e-0x720bfb0d) 
23542300x800000000000000047954528Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:40.953{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19500DF98DBBFC60FD0346E85096BEE1,SHA256=55E512E3E142DAB06E7E74299EC90B79EB7FAF26D59D8D456315C90967A0DCBC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725100Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:40.666{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC582CAC469DA05FB6A8F9249C3B0FC0,SHA256=CB2787F803775E9A6B112581A4A6E6FB1D344486AD1FA17E11A7B8B566F57AAC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047954527Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:36.993{3BF36828-401B-611D-1100-00000000CA01}396C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudpfalsefalse10.0.1.14win-dc-128.attackrange.local123ntpfalse10.0.1.15WIN-HOST-987123ntp 23542300x800000000000000047954526Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:40.156{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C9BC327E28BE90469E4FC6FE6E4F9610,SHA256=6F7037549677DC5FE7FC025BB16B0A70DD1F0AE5B50F68280FCBDAE0DE631ECF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000030725099Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:40.183{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B908340695114D894721C82C23DAC065,SHA256=1510CA2F32205BF4BDFC56DC3880566A99C2360E0FA631036A60BC8F0BEE4F3F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725098Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:40.183{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0095754DB7F26BC67B93EA958D149EA0,SHA256=B6C4DFCA8BE4875B1E18A6A1590171C7F59B9C744338E93AF24AEC616225CFD1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954530Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:41.969{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=29288EC41AB77B51D507421ADA32E9C0,SHA256=0976C76652A7999F1A634D80C73FE31FF0741D16112D2D92420ABD823E9DBCEA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725102Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:41.712{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=08D00F5A07B7E5F8FA4C9DC4545120C3,SHA256=F2A9C821CE09350AF2D19E2DF71CC52F834206FAAAA765C0AFD75EF9A0EC3797,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954529Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:41.547{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E89B3830C06C4E2163931085C49A8444,SHA256=DE7F32BB2084888DD83ABDB04C3F94247FB3D7CEEB8D82596AD428334FBBC95C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725101Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:46.069{B81B27B7-4012-611D-1000-00000000C801}976C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.15win-host-987.attackrange.local123ntpfalse10.0.1.14WIN-DC-128123ntp 23542300x800000000000000047954532Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:42.985{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=834EE39BC1838AD12B64BEB5902513D2,SHA256=2B96E0C5BDC3CB7647EF4743B30708A1C29A6170E89875BA6F450AF834A2AA52,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725103Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:42.745{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FFF5F6F3AA1FE5BEC959AFEB6B142A4C,SHA256=0A2BF35B25C147D42DD727B573B396527A94715BC586710401251B27F367BE50,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954531Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:42.656{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=49328DC2AC41FD2211257E6726441230,SHA256=C6D8A7AD9CE2C28D31AF12A54546AA318E3258565640627AA8D64822183AEEC1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725104Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:43.763{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D27A429E1F48B60966F25D9DC17A44BD,SHA256=8195B07350965939306624ED6955B18EB64D19234F7CC948CE5D41E56149AF3E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047954589Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:43.875{3BF36828-639B-6125-4CF4-00000000CA01}2044C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 
734700x800000000000000047954639Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.422{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000047954638Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.422{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000047954637Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.422{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000047954636Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.422{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000047954635Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.422{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000047954634Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.422{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000047954633Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.422{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000047954632Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.422{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000047954631Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.422{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000047954630Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.422{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 
734700x800000000000000047954629Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.422{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000047954628Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.422{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000047954627Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.422{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000047954626Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000047954625Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047954624Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000047954623Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000047954622Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000047954621Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000047954620Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000047954619Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000047954618Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000047954617Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000047954616Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 
734700x800000000000000047954615Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000047954614Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000047954613Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000047954612Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft 
Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000047954611Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000047954610Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000047954609Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x800000000000000047954608Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:44.409{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x800000000000000047954607Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-402D-611D-3A00-00000000CA01}36083628C:\Windows\system32\conhost.exe{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047954606Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000047954605Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000047954604Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047954603Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x800000000000000047954602Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:44.409{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954601Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954600Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:44.409{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954599Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954598Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:44.409{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954597Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954596Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:44.409{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954595Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954594Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:44.409{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954593Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-4019-611D-0500-00000000CA01}408528C:\Windows\system32\csrss.exe{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000047954592Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.409{3BF36828-402C-611D-3000-00000000CA01}22204860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000047954591Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.392{3BF36828-639C-6125-4DF4-00000000CA01}5948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-4019-611D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000047954590Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:44.203{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C869BF8C0D55D4C1A11F65A6D2A5E853,SHA256=61FB4D26AC64301E2035B5A92680F475BD5CC8A8E238F938CC1C54DE9E32A633,IMPHASH=00000000000000000000000000000000falsefalse - insufficient 
disk space 23542300x800000000000000030725107Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:45.795{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89902A7730E3B03B0F4653A8C494F1FF,SHA256=46E135FE79DC76F6CF16547AA2923D7FFCB5944045D14B3B77A811A7FCCD87D2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725106Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:50.153{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58842-false10.0.1.12-8000- 23542300x800000000000000047954770Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.969{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BFBCC55EFA5CFEA902E0409B3E4F4AD8,SHA256=ADFE6EAEF5EFC8FB6222DD633BF4C071242161ACA3A93D249C594FEDB853087C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954769Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.906{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4BBB3C9A86EF2AEE1B4F2E4559403C01,SHA256=5BA58FAA586BCD21F5D1D8014AD407ACA1F1CF8FC32F91BB674BD2F622A21EDC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
734700x800000000000000047954768Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.875{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000047954767Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.875{3BF36828-639D-6125-4FF4-00000000CA01}36925964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047954766Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.875{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 
734700x800000000000000047954765Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.875{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 354300x800000000000000047954764Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:41.927{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53757-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047954763Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.813{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A940AE3C22EDEF82CF9BAD28CF007074,SHA256=2927BD960A1AE02DEE16E9FF05D4AA9F7F5874EF991D4A218BF3FCA53FB30055,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954762Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.750{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=40FBBE36D62576D8F670E308CC55958C,SHA256=0D86FE0636992D072E3A7ED14F43341E695248F305F0C03810039276A137E816,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047954761Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.750{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26A186B7D73DBB1F2BACA2927ED39B9D,SHA256=23A759C51FE07FC8DDAB1BDADD31C73519A45656DF579FC7DDE0959A6AE63C15,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047954760Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.703{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000047954759Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.703{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000047954758Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.703{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 
(rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000047954757Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.703{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000047954756Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000047954755Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000047954754Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000047954753Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000047954752Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 
734700x800000000000000047954751Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000047954750Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000047954749Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000047954748Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000047954747Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000047954746Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000047954745Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000047954744Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047954743Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000047954742Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000047954741Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000047954740Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000047954739Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000047954738Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program 
Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000047954737Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000047954736Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000047954735Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000047954734Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000047954733Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000047954732Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000047954731Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft 
WindowsValid 734700x800000000000000047954730Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000047954729Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000047954728Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000047954727Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 
librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000047954726Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x800000000000000047954725Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-402D-611D-3A00-00000000CA01}36083628C:\Windows\system32\conhost.exe{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047954724Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000047954723Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:45.688{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000047954722Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.672{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000047954721Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.672{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 
10341000x800000000000000047954720Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.672{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047954719Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.672{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000047954718Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:45.672{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954717Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.672{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954716Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:45.672{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954715Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.672{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954714Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:45.672{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954713Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.672{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954712Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:45.672{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954711Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.672{3BF36828-4019-611D-0500-00000000CA01}408424C:\Windows\system32\csrss.exe{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000047954710Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.672{3BF36828-402C-611D-3000-00000000CA01}22204860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000047954709Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.663{3BF36828-639D-6125-4FF4-00000000CA01}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-4019-611D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000047954708Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.656{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D308CC7327E4C1F5CEB4D2C937163A38,SHA256=4C73695D3A61BB11DC35FC08D527D4F5DAED5DA2552DAC722599FD18AF076B0B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954707Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:45.578{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9F58999EA6E4FDCBC6DA65F4B720ED72,SHA256=D334B4B6422E24BD341D6387648C43EC560EF76B9A1278F0C21BE553BDA657DD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954706Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.406{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A34BA809CC134062CD25E76E126A51C1,SHA256=BB187D3C78344C4B533E09CA369BF759260145D6B7D99FE8435FE92CDDDDC3FF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954705Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.375{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=00B74EEF221625EB26A1A67B847B9933,SHA256=3287AFFE6B4F27C4D7A2888E2FA7F3DD43CAC3D418B5F17EC490F97264CA93F8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954704Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.328{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6367EEA7F423E0374EECFE0CF7BDD651,SHA256=D84E5349FA22618D7F1238B537220C2081C204932F21D5A96F21FFB57EDE0171,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk 
space 23542300x800000000000000047954703Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.328{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B3F39DBD6BEA12FB065336C3F144A98C,SHA256=30C0CE5BD6FC82C01EE2A2ADD87FD5D8B08D429C60AEDBDE748A9794A2FBD9FC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000047954702Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.297{3BF36828-639D-6125-4EF4-00000000CA01}1723656C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047954701Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.297{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 
734700x800000000000000047954700Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.297{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000047954699Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.125{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000047954698Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.125{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000047954697Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.125{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic 
Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000047954696Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.125{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000047954695Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.125{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000047954694Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.125{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 
734700x800000000000000047954693Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.125{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000047954692Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.125{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000047954691Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.125{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000047954690Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.110{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API 
DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000047954689Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.110{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000047954688Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.110{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000047954687Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.110{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 
734700x800000000000000047954686Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.110{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000047954685Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.110{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000047954684Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.110{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000047954683Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.110{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 
734700x800000000000000047954682Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.110{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000047954681Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.110{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000047954680Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.110{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000047954679Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.110{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 
librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000047954678Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.110{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000047954677Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.110{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000047954676Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.110{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 
734700x800000000000000047954675Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.110{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000047954674Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.110{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000047954673Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.110{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000047954672Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.110{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 
(rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000047954671Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.110{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000047954670Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.110{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000047954669Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.094{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft 
CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000047954668Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.094{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000047954667Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.094{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000047954666Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.094{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000047954665Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:45.094{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047954664Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.094{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000047954663Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.094{3BF36828-402D-611D-3A00-00000000CA01}36083628C:\Windows\system32\conhost.exe{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047954662Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.094{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000047954661Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.094{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000047954660Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.094{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047954659Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.094{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x800000000000000047954658Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:45.094{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954657Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.094{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954656Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:45.094{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954655Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.094{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954654Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:45.094{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954653Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.094{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954652Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:45.094{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954651Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.094{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954650Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:45.094{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954649Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.094{3BF36828-4019-611D-0500-00000000CA01}408356C:\Windows\system32\csrss.exe{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000047954648Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.094{3BF36828-402C-611D-3000-00000000CA01}22204860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000047954647Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:45.079{3BF36828-639D-6125-4EF4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-4019-611D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030725108Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:46.811{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3150CB8C3A2507E2D3B7278014BBB574,SHA256=5D9DD4F564AFBC33E68E6F0FD9658E0A5E0701712927332E0B45AB7736F45D82,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
734700x800000000000000047954886Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.891{3BF36828-639E-6125-51F4-00000000CA01}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000047954885Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.891{3BF36828-639E-6125-51F4-00000000CA01}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000047954884Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.891{3BF36828-639E-6125-51F4-00000000CA01}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000047954883Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.891{3BF36828-639E-6125-51F4-00000000CA01}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 
(rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000047954882Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.875{3BF36828-639E-6125-51F4-00000000CA01}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000047954881Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.875{3BF36828-639E-6125-51F4-00000000CA01}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000047954880Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.875{3BF36828-639E-6125-51F4-00000000CA01}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 
734700x800000000000000047954879Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.875{3BF36828-639E-6125-51F4-00000000CA01}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000047954878Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.875{3BF36828-639E-6125-51F4-00000000CA01}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000047954877Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.875{3BF36828-639E-6125-51F4-00000000CA01}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000047954876Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.875{3BF36828-639E-6125-51F4-00000000CA01}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 
(rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000047954875Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.875{3BF36828-639E-6125-51F4-00000000CA01}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000047954874Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.875{3BF36828-639E-6125-51F4-00000000CA01}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000047954873Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.875{3BF36828-639E-6125-51F4-00000000CA01}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft 
CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000047954872Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.875{3BF36828-639E-6125-51F4-00000000CA01}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000047954871Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.875{3BF36828-639E-6125-51F4-00000000CA01}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000047954870Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.875{3BF36828-639E-6125-51F4-00000000CA01}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 
734700x800000000000000047954869Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.875{3BF36828-639E-6125-51F4-00000000CA01}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000047954868Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.875{3BF36828-639E-6125-51F4-00000000CA01}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000047954867Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.875{3BF36828-639E-6125-51F4-00000000CA01}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000047954866Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.875{3BF36828-639E-6125-51F4-00000000CA01}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, 
(rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000047954800Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.188{3BF36828-639E-6125-50F4-00000000CA01}2596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000047954799Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.188{3BF36828-639E-6125-50F4-00000000CA01}2596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000047954798Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.188{3BF36828-639E-6125-50F4-00000000CA01}2596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000047954797Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.188{3BF36828-639E-6125-50F4-00000000CA01}2596C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000047954796Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.188{3BF36828-639E-6125-50F4-00000000CA01}2596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000047954795Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.188{3BF36828-639E-6125-50F4-00000000CA01}2596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000047954794Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.188{3BF36828-639E-6125-50F4-00000000CA01}2596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000047954793Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.188{3BF36828-639E-6125-50F4-00000000CA01}2596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x800000000000000047954792Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.188{3BF36828-639E-6125-50F4-00000000CA01}2596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000047954791Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.188{3BF36828-639E-6125-50F4-00000000CA01}2596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000047954790Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:46.188{3BF36828-639E-6125-50F4-00000000CA01}2596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047954789Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.188{3BF36828-639E-6125-50F4-00000000CA01}2596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000047954788Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.188{3BF36828-402D-611D-3A00-00000000CA01}36083628C:\Windows\system32\conhost.exe{3BF36828-639E-6125-50F4-00000000CA01}2596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047954787Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.188{3BF36828-639E-6125-50F4-00000000CA01}2596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000047954786Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.188{3BF36828-639E-6125-50F4-00000000CA01}2596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000047954785Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.188{3BF36828-639E-6125-50F4-00000000CA01}2596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047954784Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.188{3BF36828-639E-6125-50F4-00000000CA01}2596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x800000000000000047954783Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:46.188{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954782Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.188{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954781Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:46.188{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954780Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.188{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954779Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:46.188{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954778Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.188{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954777Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:46.188{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954776Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.188{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954775Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:46.188{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954774Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.188{3BF36828-4019-611D-0500-00000000CA01}408424C:\Windows\system32\csrss.exe{3BF36828-639E-6125-50F4-00000000CA01}2596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000047954773Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.188{3BF36828-402C-611D-3000-00000000CA01}22204860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-639E-6125-50F4-00000000CA01}2596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000047954772Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.177{3BF36828-639E-6125-50F4-00000000CA01}2596C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-4019-611D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000047954771Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:46.172{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7D80620C829A325D03261800AB9DC89B,SHA256=A4572AD9A8A9503F8805549EAF3630E12C044AAFD762ED688E58AB55BB6EB01D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000030725109Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:47.863{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C951142C43D77A2B3307800C43644760,SHA256=64904152E45D8CDDB00E3C74C84D941D5AC79B184DC9BC78050DC92241E7614B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047954951Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.563{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000047954950Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.563{3BF36828-639F-6125-52F4-00000000CA01}46362764C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 
734700x800000000000000047954949Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.563{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000047954948Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.563{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000047954947Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.422{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000047954946Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.422{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced 
Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000047954945Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.422{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000047954944Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.422{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000047954943Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.422{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 
734700x800000000000000047954942Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.422{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000047954941Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.422{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000047954940Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.422{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000047954939Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: 
vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000047954938Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000047954937Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000047954936Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft 
WindowsValid 734700x800000000000000047954935Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000047954934Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000047954933Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000047954932Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI 
Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000047954931Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000047954930Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047954929Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000047954928Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000047954927Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000047954926Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000047954925Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program 
Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000047954924Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000047954923Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000047954922Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000047954921Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000047954920Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000047954919Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000047954918Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000047954917Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000047954916Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000047954915Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000047954914Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft 
Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000047954913Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000047954912Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x800000000000000047954911Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-402D-611D-3A00-00000000CA01}36083628C:\Windows\system32\conhost.exe{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047954910Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000047954909Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000047954908Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000047954907Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:47.407{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047954906Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25trueSplunk, Inc.Valid 10341000x800000000000000047954905Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:47.407{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954904Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954903Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:47.407{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954902Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954901Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:47.407{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954900Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954899Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:47.407{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954898Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954897Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:47.407{3BF36828-4019-611D-0500-00000000CA01}408528C:\Windows\system32\csrss.exe{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000047954896Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.407{3BF36828-402C-611D-3000-00000000CA01}22204860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000047954895Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.392{3BF36828-639F-6125-52F4-00000000CA01}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-4019-611D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000047954894Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.360{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA519A4DAF3A26895B40B613DDE8CEBA,SHA256=B8AB186FB69DF93AF02EF9CECB3BD4FF8BBFE8E0A87664D826CC595A1D54F116,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954893Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.250{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F4593DC6571A9B2F3CB570C1894FAC6A,SHA256=E04514531EFADC35888B2FFF23DE6CE3E0FA65FA79C80B2D4B00F7DA564D20C4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954892Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.156{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EDA05D4E7151836276901748A2EEF4D0,SHA256=848D4B15EBFD2C95F6385EA4E60C9453C838632D942F531521D6CE96BC64BDB4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954891Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.047{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F8271B371AAE925C835BC884683EB073,SHA256=4A1223718844028F658A392BA71FCC8210FC15BEFCA86A5248AC348AE6B3F302,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
734700x800000000000000047954890Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.016{3BF36828-639E-6125-51F4-00000000CA01}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid
734700x800000000000000047954889Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.016{3BF36828-639E-6125-51F4-00000000CA01}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid
734700x800000000000000047954888Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.000{3BF36828-639E-6125-51F4-00000000CA01}340C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid
23542300x800000000000000047954887Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.000{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F7A0B7B277DA881E52B622ECB241C89,SHA256=425DD51914C2440D8899C83DA06DF4ECCD4A97E160BB27FEA8370482D7165D0C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000030725110Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:48.908{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8B39A3F89BB6BF3A5E1AF9F9EAD214D,SHA256=713308E131F846B50317FEF19F779B8C2E4CBDE3CFA79AB938A87C619C31F4C3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954954Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:48.594{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B094956C2F7FB94E41608954A2AF3166,SHA256=8900E908ED875691C416FA0D1D1AC5EE10894C5E49A5CB71A0483C62243E19DD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954953Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:48.531{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A4CC6923E871C580537E04F51736C409,SHA256=D48EB4ACC683F9EDBC3F1A6B4C8A898EC39D9CB2A0F957799458605C0B0B15BF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954952Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:48.531{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7A4ADCBF691358459D31DB5F96CA663A,SHA256=A01178AE719A40F7CC09C4B3A204E9B567FB42EFB59F364BBD4B27072404F7D7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000030725111Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:49.940{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B371A1CCB2245DEFA05B2A500CB0FC4,SHA256=FB7CF3ABB28CC5600BB9427CDCDD80FC05BD47AB401DF58CD8A8076214FE41A2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954956Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:49.828{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=95C29D9FC659D59335538A954687867C,SHA256=879C98F32154D1842978FD6E534D783528535C61C514A8366876EF78801BE756,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954955Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:49.578{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=845AB36C11F98710FF61BB9B43722E49,SHA256=3137759707AF720AB823F90129008675B7D9CD3C6DD6B96713E8873FBC79AB25,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954958Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:50.969{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DE44C44C0926579651ED4D2B2F17F6AB,SHA256=F35074AAEE1AF4A0563FEC4FDAAD6E8C960A6FB75342E532EE29AF96FF348C1A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954957Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:50.594{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E861851183989DECDC1840DECB3B0B80,SHA256=0F19672627AD3EAD0409FC4BB8CBACC17363F395BE523F6F552CD27232BFB20B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
354300x800000000000000030725112Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:56.088{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58843-false10.0.1.12-8000-
10341000x800000000000000047954978Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:51.922{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-401B-611D-1500-00000000CA01}1108C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000047954977Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:51.922{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-401B-611D-1500-00000000CA01}1108C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000047954976Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:51.922{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-401B-611D-1500-00000000CA01}1108C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000047954975Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:51.922{3BF36828-4019-611D-0B00-00000000CA01}6285276C:\Windows\system32\lsass.exe{3BF36828-4016-611D-0100-00000000CA01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e
10341000x800000000000000047954974Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:51.813{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-401B-611D-1500-00000000CA01}1108C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000047954973Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:51.813{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-401B-611D-1500-00000000CA01}1108C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000047954972Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:51.813{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-401B-611D-1500-00000000CA01}1108C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000047954971Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:51.813{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-401B-611D-1500-00000000CA01}1108C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000047954970Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:51.813{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-401B-611D-1500-00000000CA01}1108C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000047954969Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:51.813{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-401B-611D-1500-00000000CA01}1108C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000047954968Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:51.813{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-401B-611D-1500-00000000CA01}1108C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000047954967Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:51.813{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-401B-611D-1500-00000000CA01}1108C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000047954966Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:51.813{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-401B-611D-1500-00000000CA01}1108C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000047954965Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:51.813{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-401B-611D-1500-00000000CA01}1108C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000047954964Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:51.813{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-401B-611D-1500-00000000CA01}1108C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000047954963Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:51.813{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-401B-611D-1500-00000000CA01}1108C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000047954962Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:51.813{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-401B-611D-1500-00000000CA01}1108C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000047954961Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:51.813{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-401B-611D-1500-00000000CA01}1108C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000047954960Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:51.813{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-401B-611D-1500-00000000CA01}1108C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000047954959Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:51.625{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A15C8B273E8EBD87186FBB31256E9657,SHA256=4BA22969658F980DACD257629D1B803354C33211D3854CA112B9DD9482C99FA6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000030725113Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:51.006{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF0E6EA522A8A1A67327F44A95ED01C1,SHA256=C690060C23C97DC1C1B02641644420EA58B409AD1A22F3403F7CF1556473F30C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954981Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:52.657{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84687632B62763E7CBC0770870FA23CC,SHA256=2E288D9CFAE3748321569576A56A2D8E33C5212A9CBDAE279EBE704DBC7B7F3F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000030725114Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:52.007{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A3F630EE2DB630256609CB54241F904A,SHA256=D6BEDAFBA34B291184B500BA73A2D93CD1723A082193B1C0151444815FD69346,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954980Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:52.110{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A4D98E43B4F8886BAE24EAE2420DB7CC,SHA256=24451BF8D1F846EAE6839B5D82A07301CF9009D2E6D1134CBC6E9DD5929226B4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
354300x800000000000000047954979Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:47.880{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53758-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000-
23542300x800000000000000047954987Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:53.875{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EDACC53A18C3579B29D2735FBBE0ACF0,SHA256=0C452F9C1CCE05B5DF28422E79D608C7E1DB204AF638C6EFCCD7BDF5FE5AF36D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954986Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:53.875{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86E9136D37CBA0F4B423AFFBAE424341,SHA256=DF04AEDCC9C6F3FA7017606704032F66863133CAEB9FE234FBC4C919A7DD61BC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
13241300x800000000000000030725125Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-SetValue2021-08-24 21:24:53.459{B81B27B7-4012-611D-0B00-00000000C801}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006)
13241300x800000000000000030725124Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-SetValue2021-08-24 21:24:53.459{B81B27B7-4012-611D-0B00-00000000C801}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x1fcb218d)
13241300x800000000000000030725123Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-SetValue2021-08-24 21:24:53.459{B81B27B7-4012-611D-0B00-00000000C801}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d79926-0x1951e35a)
13241300x800000000000000030725122Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-SetValue2021-08-24 21:24:53.459{B81B27B7-4012-611D-0B00-00000000C801}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7992e-0x7b164b5a)
13241300x800000000000000030725121Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-SetValue2021-08-24 21:24:53.459{B81B27B7-4012-611D-0B00-00000000C801}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d79936-0xdcdab35a)
13241300x800000000000000030725120Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-SetValue2021-08-24 21:24:53.459{B81B27B7-4012-611D-0B00-00000000C801}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006)
13241300x800000000000000030725119Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-SetValue2021-08-24 21:24:53.459{B81B27B7-4012-611D-0B00-00000000C801}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x1fcb218d)
13241300x800000000000000030725118Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-SetValue2021-08-24 21:24:53.459{B81B27B7-4012-611D-0B00-00000000C801}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d79926-0x1951e35a)
13241300x800000000000000030725117Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-SetValue2021-08-24 21:24:53.459{B81B27B7-4012-611D-0B00-00000000C801}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7992e-0x7b164b5a)
13241300x800000000000000030725116Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-SetValue2021-08-24 21:24:53.459{B81B27B7-4012-611D-0B00-00000000C801}636C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d79936-0xdcdab35a)
23542300x800000000000000030725115Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:53.007{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B1E3A0A0FADBD17D2F03BCB177A22BD6,SHA256=FAE3D8D705B7CFF7199E0650F586FAC43039AC0477EAB42DA61B892654FCFEE8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
354300x800000000000000047954985Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:49.677{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-128.attackrange.local53760-false10.0.1.14win-dc-128.attackrange.local389ldap
354300x800000000000000047954984Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:49.677{3BF36828-401B-611D-0F00-00000000CA01}296C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53760-false10.0.1.14win-dc-128.attackrange.local389ldap
354300x800000000000000047954983Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:49.666{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local53759-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local389ldap
354300x800000000000000047954982Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:49.666{3BF36828-401B-611D-0F00-00000000CA01}296C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local53759-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local389ldap
23542300x800000000000000047954990Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:54.875{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=35D428861620919CF6ACD5E16A0D8CD4,SHA256=069DE4787EECC4D9B334CCE0C3E75B703CB76AC8F8DA697F161B4280F8421BF9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000030725126Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:54.025{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F932D25B99D3B40C14E440F4B2860C68,SHA256=E85EB378420D2EC011ECF86CC016E6AF124FF852750142286370B150AB3FB6A8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
354300x800000000000000047954989Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:49.774{3BF36828-4016-611D-0100-00000000CA01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local53761-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local445microsoft-ds
354300x800000000000000047954988Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:49.774{3BF36828-4016-611D-0100-00000000CA01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local53761-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local445microsoft-ds
23542300x800000000000000047954992Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:55.879{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F5F75B4D4C81271A534DF47A7373F5A,SHA256=735758846FDC465C8ADC3F058F9CB668834C699478B40DDBB0CC4B7D6FFD0856,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000030725127Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:55.038{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D9C6891A2C6C3E84F75E81965FCD913,SHA256=8BC089AAE0B5B322C1A46A7E7B9E7DAC0C69D88041C68A780ECCE6AC944C1211,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954991Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:55.016{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D69716DC33A912E911436FE65898A1F6,SHA256=89728430797FA6CC3F26B53266223CC8C29383E24D0D27C3D3E5C824EA847124,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954994Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:56.881{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B4A5A7DDDBAA00175A0B3759CCF555AC,SHA256=538F1C3D0276EF4F66CAD2B3360092A9D250603679022A5406F286B32682378D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725129Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:02.062{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58844-false10.0.1.12-8000- 23542300x800000000000000030725128Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:56.056{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5024A0E559893936F90FBF72665A6D51,SHA256=E692698E860D5E42168D56C23D3BFE06A23CA252ABF81A7075AB4EDA162AAB31,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954993Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:56.254{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=46846BFD7AA9EBE5FB9F2ED1B8D90919,SHA256=2A5E15856E8AB437A39BB7A83585F26563816C5DE925FB9F2CC5236D7C42894C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954997Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:57.893{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=252576492284E8D3D41761E70C34F232,SHA256=C08A2A8ECE7B471933C215657C3EAE4918B55DED5A5B2745FFD46F3AA20B9A0B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725130Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:57.056{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B71949A10EEC0C022DB9FE838090E69,SHA256=CF032D26D3A42FE0C269AEA880328235FC5F0E38E68D2858AF6C907932FE53F3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047954996Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:57.396{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A658CF800D8FC75DFD392ADFCAA956DF,SHA256=BDAE65CCA9AC2E38D439643ABEAF8A63E9932FC4B79273E4CF19E0183744BFFC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047954995Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:53.005{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53762-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047954999Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:58.896{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=12046D9D2B9E408547F1C413207E95C3,SHA256=1216987B5D1693A3709624B053FF2B475BD9130C17B9CA1B410B20EDD51C54B9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725131Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:58.118{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51C9A26591FE3FAFDFDCD6F6B56ECCFA,SHA256=1B57D39FD846C97730B07CD41A95F1253513A96DD9341CD5733EC0DF8FD052B7,IMPHASH=00000000000000000000000000000000falsefalse - 
insufficient disk space 23542300x800000000000000047954998Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:58.627{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0731722C4B1F26F3F979139A031E5AFE,SHA256=DC81BAF74B8928AB103FF2BB5168304781E2AB4F49C88E9ED2832CFB1EFCD7EF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725132Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:59.134{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=435AC4627CD4769B0DD83097D843A9EB,SHA256=C75DB14C17C57B2C55C6DE3AC26C7C5D62D39406546C8A51E47DC0BAC0F2BCE7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725134Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:00.153{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5AF2F9B21BAEBD3CDD32553713A88FEE,SHA256=2B4F9B726D319B9E7E5977FB1E1678139D5034F01F506982732EE3F6208EC008,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725133Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:00.153{B81B27B7-4012-611D-1100-00000000C801}968NT AUTHORITY\LOCAL 
SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=4CE13AFB0976FD874AAEF7F25A7C6DC0,SHA256=3233A844590A2654CDCE41E28AC99E154EC53AFE272DEBE84708B83935721502,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955001Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:00.099{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D4E88B9BB0E2CC1D16327ED975D80CBA,SHA256=232D419480868D5CEEAC4CFACB6429FB28F2D70911E53A6CDB29514146BC1565,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955000Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:00.099{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E29C47A44EAFEC3D9CD81A8F770312B,SHA256=0CFC8D68E1F3F74126D8F8C428993B9BA41BC9EC6B690FC1405322D7FC4F1D71,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725135Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:01.183{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21F1B97A62100AD910D83E6DF9F18E9E,SHA256=5C81795B0B6B490CC0F8C46F28523BAB78D1C7BC178EB77064C60D62FEA696A6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047955003Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:01.240{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D21B61CB13AAEB8846ECE5226CA9F6B9,SHA256=6A536C10EC83AB54A97A29AD2612A8D3D481DD0008202857A77E4E2AAC1A2BB1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955002Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:01.240{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40679A1C2650F4B3B348B078BBB425D5,SHA256=26F962DC84345C069ABD11CA0322A75A6B603CB4A0C1E8180E12746121082EC4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047955006Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:58.970{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53763-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047955005Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:02.333{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AE886D26ADA0197C50F6F88E36B9C31D,SHA256=F6AC5991EBA60C652D6D241671C1E2208866FDD32D2967D699A056E15E24ABB9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047955004Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:02.240{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1964A9B9BC3E08D9D36A0386109C6666,SHA256=ECD8D999F87D7CD82940735A980F4C9EB4F429542A61BC3B16F92E5CDA9DBCDD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725137Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:08.079{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58845-false10.0.1.12-8000- 23542300x800000000000000030725136Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:02.198{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8FA088A1468BE686C2A1A887DA24C91,SHA256=DB995A494A281F089DC33203E3606D31967F7A45E173F6226357FF1CE5A55A2F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955008Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:03.615{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F7D9459C4A4F8FBEF63D20A2660F6EC5,SHA256=530585757085A81D1BA7581F519665CB855E5775FC1EC3B920FA3671C24E1E1D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047955007Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:03.302{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C089537D3D18D5CD433CE210A3E9146,SHA256=371B3899BC2B85DC76ECEB75B88FEC3B9C7FD07EBA920D8849ACDC91963670A6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000030725146Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:03.865{B81B27B7-4014-611D-3000-00000000C801}31443164C:\Windows\system32\conhost.exe{B81B27B7-63AF-6125-5F00-01000000C801}2860C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725145Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:25:03.865{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725144Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:03.865{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725143Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:25:03.865{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725142Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:03.865{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725141Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:25:03.865{B81B27B7-4012-611D-0500-00000000C801}420984C:\Windows\system32\csrss.exe{B81B27B7-63AF-6125-5F00-01000000C801}2860C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030725140Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:03.865{B81B27B7-4013-611D-2700-00000000C801}20763760C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-63AF-6125-5F00-01000000C801}2860C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030725139Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:03.850{B81B27B7-63AF-6125-5F00-01000000C801}2860C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-4012-611D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030725138Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:03.230{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E540C3967F7107FAEB838BA75E27C070,SHA256=E799E2014F2C75898A68B7D76A9D408A53E3DACDF906C8F4688F14B50137C652,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725158Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:04.964{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=30ECEBD4E367CF3515B4393B106B2D60,SHA256=E249855D58D95D59DDD45BC58ED56329122AF0DD77800122FE7F8D77E8AAE299,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725157Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:04.964{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B908340695114D894721C82C23DAC065,SHA256=1510CA2F32205BF4BDFC56DC3880566A99C2360E0FA631036A60BC8F0BEE4F3F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000030725156Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:04.380{B81B27B7-4014-611D-3000-00000000C801}31443164C:\Windows\system32\conhost.exe{B81B27B7-63B0-6125-6000-01000000C801}288C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725155Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:04.380{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725154Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:25:04.380{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725153Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:04.380{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725152Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030725177Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:14.003{B81B27B7-63BA-6125-6200-01000000C801}2792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-4012-611D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000047955034Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:14.333{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2241026317659A9FE92D430A72204DD1,SHA256=5427BAC069412A98F3AF9B423CCA8B33A90589C4A79D8317329C1C83D5AF68C0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955039Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:15.791{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2EFEDC344A56E20A0C3155EFA1011413,SHA256=1D726068ECACD83D8CB723FB63F6662A40224663BDCE984BF9AF6E99F6A8A8EB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955038Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:15.474{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E305527EC0904E6F9D87D860F4565C87,SHA256=E4A7D5EB6C43AE316FE8224B3F1289BDB3E0DBEA63128E57E39FF7B01C602293,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725190Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:15.510{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5206E7334FCF0D6E751FA13AFEB57852,SHA256=BBF41C4301F1109FD0F05D95D82B038A994392A17E61B9615A7C374DCC1C11E3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000047955037Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:15.208{3BF36828-4019-611D-0B00-00000000CA01}628676C:\Windows\system32\lsass.exe{3BF36828-4016-611D-0100-00000000CA01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000030725219Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725218Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725217Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725216Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725215Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725214Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725213Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725212Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725211Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725210Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725209Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725208Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725207Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725206Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725205Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725204Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725203Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725202Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725201Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4134-611D-AC00-00000000C801}4856C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725200Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4134-611D-AC00-00000000C801}4856C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725199Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4134-611D-AC00-00000000C801}4856C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725198Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4134-611D-AC00-00000000C801}4856C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725197Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4134-611D-AC00-00000000C801}4856C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725196Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4134-611D-AC00-00000000C801}4856C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725195Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4134-611D-AC00-00000000C801}4856C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725194Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-AA34-611E-C92D-00000000C801}2908C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725193Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:16.800{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-AA34-611E-C92D-00000000C801}2908C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725192Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=005880D7A37E14B40D55789A81D103CC,SHA256=ABAA32CFBF6C39FAEE295A7ACEDD16D44CF2E6134FABC96F41749947CC871B61,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955062Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:25.759{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C60210D01F3B12727A743AC50F3D57BA,SHA256=6C7FA8454FACF91A999AA543FC8E1CA81ACC849D28AA096E930E4E8AE5997022,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725260Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:31.037{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58850-false10.0.1.12-8000- 23542300x800000000000000030725259Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:25.113{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88002749615C8F82B39F737DAA147D92,SHA256=D00C5379DF7CBD5C4E6B93E0F748BDA3B1A92D14576AAC630E8A7B544D4D967A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955061Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:25.181{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FBA9AED1EE69704F49F3151C274B92F6,SHA256=3D2777D3D325DBE9E96A19CAC97834BF546DA1E3391C944DFF257244CB02D2D2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047955060Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:21.076{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53770-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047955064Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:26.791{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7CA559C665BDC39E5B7AB7D8F3387686,SHA256=31DA12463CE497946ECBC8F427AEB1BBE2F8C7936705832EBA77140A8673506D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725261Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:26.130{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C514685D22D133E2D0F5E173C635AE49,SHA256=8E63D96ED4CC7C18C96067F32C289D52438F720406D8B2CBFEE8FCA4B4265FC9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955063Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:26.447{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2E46D75FA378BBD4DF8A012C56ADB6B5,SHA256=A7426F2C59B206F840F11113962FF5F984D87C77F67333FBA825F0821EFCCF44,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955066Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:27.822{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5419F7E66EA814D045C38F6B5B19542F,SHA256=6D9EC7303E6458A8B51D31D8899C4A99D285E8B65FE68D33D4489A5C3D23A351,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725262Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:27.144{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2BC8EA56ED960489CF18492845DC21F,SHA256=DAECC56989ACFB50E0DC91E3DE274433CF358B6F205B30ED1BE2A42E38ECAABE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955065Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:27.604{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D3BC0C3CF5307591B8BC4CB175A632BE,SHA256=55E96EE907A6EBD4E58942B3032C43E12844D36C1DA73CC8F1756CD4109E9EFF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047955067Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:28.854{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FAE35A61017CB05349D95B8A52695AC8,SHA256=327C1046CBA287D3017597B3424EEEB9F2BBE6463A97D57F108CE02330B937FE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725263Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:28.159{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3715F7EB6010F86E2FB51E63F397B4FC,SHA256=0255CEA3B63B6CC9EE4B3DBFAC1269412F8C37BCF96CBD77B59BBBFDBDF54019,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955069Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:29.917{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FEA5BEE3369145EAFEBDCEFEA7AECA66,SHA256=BF0334D33A5610529E9A0F40235422202A82DBE9F0BFCA242748E3813A88EF87,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725264Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:29.174{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CFCE4B50939156FFA95AB14A4056E8C6,SHA256=343283D94F0B3EC74A4492C43A15CFDAB8F284F9BF9F8BED3A0F2A0A324A9493,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955068Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:28.995{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C31441673DB80D284FDB602C69B64A58,SHA256=139FBA01934CA40082AB92824DE78F937C19F22C182ACCEB26F8B5966020F32B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955072Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:30.917{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3DD25B8D77091F58530AB8896381EC69,SHA256=FAC9E844896740EA3F66D3087710497FFBD27A95199A8F85D5C81369B5FFA63C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725265Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:30.189{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5377D1F83E45D4539E3664D976689A73,SHA256=EB99C1210C0A0CB032A4158D567991ABDCB50B89FA97DABDDA55739957C9A003,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
354300x800000000000000047955071Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:26.984{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53771-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047955070Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:30.198{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2A25DD32DD2494725D6A3330031F85F9,SHA256=ED7AC78D674C2855AED17734E9E7426993487C36FD6E171BB65C37FC3F976937,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955074Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:31.948{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CDC04837C666E16886AA586E0E1DDC51,SHA256=04B5B6715E8E6AFC99741F9C4FC8727DD13B0C325A2A51E3BD86FBEC4F2600E9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725267Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:36.954{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58851-false10.0.1.12-8000- 23542300x800000000000000030725266Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:31.210{B81B27B7-4024-611D-7300-00000000C801}2188NT 
AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A215080DB2E0DF38FBFE9266FDAAEA8,SHA256=F5BAA465BE5486C46F226C6749BF0EAFA4C652BA5F860BACD8E86FF18F28E42A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955073Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:31.324{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F5F40D778544AAEB632B6BFB0D16C956,SHA256=F39FDE8634A077A42EC56EBE5B3A3AA9570642FD61733CBE38303BD36BB71609,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725268Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:32.240{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=716EECE8C58A4A224C2CC68A9F295A74,SHA256=DD7A5970691DD76E6C268B9BAF68F1EFFF55F3401A1F7ED7A542A262101DCC3D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955075Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:32.464{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FE919356A9071DF5A3AB0ADE38E6CA66,SHA256=79C0DCAD1350733E539BE1C8201072295A4A224E1B7A667BB9F3FA3E8E2DC2F7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000030725269Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:33.270{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F503576DF9B0AD0292FBB6394F57D37,SHA256=0192DD07F79CDBC7BDD2788D6BEBADE43E722785C1C2067A4355E0931D6CA18E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955077Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:33.886{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=44EA8CB5829FDFCEBB0F1E0E10DCC40D,SHA256=DC2F7B5323F4A5B21ECEB6896EBF60277C6928F054672432F081CF44A0A61651,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955076Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:33.011{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A17F157DDE5B4A157BA273072969F4A,SHA256=26DE389627995C64E170F26165612424367BD7F8DEE25EFC34F5F274D0BC4697,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725270Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:34.285{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BEDA481A5A85526345AABE69515021CE,SHA256=8D340B367CA7944FFDABCBF5432D66F69BCD006A05232797BDB5C7B14A47BBEA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955078Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:34.011{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E03B0F149F6B534B7BF06FC98BE0CECD,SHA256=F08D30D7A33462AF26CBD8471CD527D6C9BF085557EEE51E9AF98A86508F2FB6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725271Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:35.302{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BEB404AB6C81DB1127DDB753466A5A86,SHA256=28F715307DB304D18C4DE48F2451A7F07D2E52BAAD58D1C60AE47A3D6360BA85,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955080Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:35.229{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0116A84A16A27BB729559BE8B7448A24,SHA256=02CC5311AB59694B4763C86341258851489B03660ED572A6042F0C0A05F7A458,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047955079Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:35.042{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C827261975D2B317DB4FB0EE9713CF1,SHA256=45B16630988C73BE0A5B35E3CF114FCFC9B60FFD852BDC9FD77CD977B3B07AF0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725272Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:36.367{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1EBE8329333C5F87CA1D7F8E4DBF34DE,SHA256=586D4E277CE5CD08CA8BDE275D74C7F900FD545B2D0D2282A363155CC8F30855,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047955083Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:32.093{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53772-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047955082Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:36.323{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0FC8E7486478E2934E005CE13701527F,SHA256=7DC7FBB296A7EB58E0F955C26B6C5CC06374FC913630212A623426F58353D274,IMPHASH=00000000000000000000000000000000falsefalse - 
insufficient disk space 23542300x800000000000000047955081Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:36.042{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=49EBB24FB620A81FDE6237D3764ADB34,SHA256=13EDB361ED581AE5CEEA557241C578B7C6B997684FF36CC2321049A8E9D54F38,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725274Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:37.399{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9483EDB43903DDFFB33D11B9CA673EA2,SHA256=CBB47906F3A7DC023CFD27C303521C4C09C808A8A247E434D7C7019DAE6585C6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955085Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:37.480{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=499ED933F1FAC62E3ACEF1C3F5734CC4,SHA256=9DCC5DA1A9933478C6376716753BFCF738AD8BDFEFE5C6EAE959026885720F56,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955084Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:37.058{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E77A2F9F658CE93EFF111010DBAB13B6,SHA256=A197111ADE300AB8E0162B0435CFF5EB033326294BB7905EB1E5FB6EE15A80C2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725273Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:42.049{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58852-false10.0.1.12-8000- 23542300x800000000000000030725275Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:38.434{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4B2A8BF91E6B7F837A00FFC5639905A,SHA256=C1991765741C4BFAC34811D577C9E4B1C709B30E3A8BB9FD8D8533223311DFCE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955087Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:38.526{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C9BFEDE51E6A1FF12175F44049EC4023,SHA256=ACD7FE3532018E029EB5C63B45EFF596B7530BF957499CC92120D9DB170794B5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955086Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:38.058{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F1C675C6A0FD50EB79EEE1A170789341,SHA256=3309694853773BB2BA96CC5CDCBBCA079638A1B8F41E059A08F2F15041426BBD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725276Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:39.464{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=69EF639F6D13623E7DDC38D0D22F1E75,SHA256=CFC960B6C3D6327D051A817E9A25E0412E2019623C3373E0603EA2F299463D1B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955089Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:39.558{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=86C0FFD052388DAA50D24056AE48E899,SHA256=706032FA935CD321C2F269F3FFE7A13090FCFE41E035EB7F38C1616E53732B90,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955088Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:39.073{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40D268B0D3A3186F899F1116FCDA4203,SHA256=7ADF7E45CE50EEFC91F040371EF3F866D54A932355DEBA56E0249A88FA99848F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000030725277Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:40.496{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=764C32033A83B55E5E378208472F6949,SHA256=16E015062048FF7F5F3A652C573E094A80891B892AE29D495FF42C043A0D5960,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955091Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:40.823{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D40D9A989056650790C82366AFF69E3E,SHA256=770E03247E2C3FA82F109666031F228E66862E870A9ED9057EE6E5DC11F163C7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955090Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:40.105{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C7EF733BFAC3393CE333BF3245C7739,SHA256=F972367B16670FCA116F84400609DAC3F6A04F8B2A69613ACA264B1AC6854AAC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725279Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:47.176{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58853-false10.0.1.12-8000- 
23542300x800000000000000030725278Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:41.546{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=376519FD6E78C45FC38E39ECD26E85AD,SHA256=6E72385EA01203D06A23CB1671D0F3A650962BD435F9D4429E73DD6CD9E7377D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955092Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:41.120{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0844E97559AAC7501E8EFA6DA287DF77,SHA256=71B58428F9B61231CEBAE0013D5F8696523FA7787A274185446CAEE16608B3AF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725280Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:42.560{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C46F6739E668E410DEABAF78C1179D8,SHA256=E26D6D0EF3BB32AF7D9542F980DEF93B11A4EACDA4289CF04221E8DA0F5C3456,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047955095Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:38.031{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT 
AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53773-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047955094Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:42.339{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=37A1A64C0D421D5EEF9E1805CDDE830A,SHA256=6D8189D2F85EF1BCBAD4DBC2338652FD08230BD67517086236D8DD08275387CB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955093Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:42.120{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A11257E6A42D1677A8E322A713DB823B,SHA256=D71D0D44236936B2A018091118260824355D75DFC0C93F6133D65B5FEB115C01,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725281Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:43.575{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9DE43ACB1EC594F0BFAB84AC5E764C1,SHA256=1C2413E7063B8434A8BE9404FACB8FE20F6C96FEA9CF11018D8B0AA089B8731F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955154Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.855{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D426946C876FDBBD7C7552275D032EA4,SHA256=135BFF3995DE3649CD086A75E342E8780E000992CAA131462C8EFD47F2C6CC2D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047955153Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.730{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000047955152Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.730{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000047955151Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.730{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating 
SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000047955150Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.589{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000047955149Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.589{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000047955148Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.589{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 
734700x800000000000000047955147Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.589{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000047955146Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.589{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000047955145Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.589{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000047955144Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.589{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000047955143Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.589{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000047955142Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000047955141Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft 
Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000047955140Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000047955139Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000047955138Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 
734700x800000000000000047955137Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000047955136Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000047955135Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047955134Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program 
Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000047955133Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000047955132Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000047955131Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000047955130Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000047955129Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000047955128Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000047955127Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000047955126Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000047955125Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000047955124Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 
734700x800000000000000047955123Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000047955122Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000047955121Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000047955120Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft 
Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000047955119Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000047955118Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000047955117Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000047955116Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x800000000000000047955115Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x800000000000000047955114Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-402D-611D-3A00-00000000CA01}36083628C:\Windows\system32\conhost.exe{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047955113Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000047955112Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000047955111Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000047955110Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:43.573{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955109Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.573{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047955108Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.558{3BF36828-63D7-6125-53F4-00000000CA01}2312C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x800000000000000047955107Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:43.558{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955106Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:44.870{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955216Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.870{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955215Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:44.870{3BF36828-4019-611D-0500-00000000CA01}408356C:\Windows\system32\csrss.exe{3BF36828-63D8-6125-55F4-00000000CA01}3620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000047955214Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.870{3BF36828-402C-611D-3000-00000000CA01}22204860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-63D8-6125-55F4-00000000CA01}3620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000047955213Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.848{3BF36828-63D8-6125-55F4-00000000CA01}3620C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" 
--ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-4019-611D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000047955212Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.839{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C70E5F89F28CD644CC235B3E43D5A729,SHA256=0FEB33BFCD05648BD695640E8C144A2F56615DA504F2F6A739F89C2A040DF694,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047955211Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.417{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000047955210Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.417{3BF36828-63D8-6125-54F4-00000000CA01}55764376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047955209Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.417{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000047955208Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.417{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000047955207Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.245{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000047955206Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.245{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000047955205Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.245{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000047955204Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.245{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 
734700x800000000000000047955203Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.245{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000047955202Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.245{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000047955201Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.245{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000047955200Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.245{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 
(rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000047955199Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000047955198Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000047955197Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000047955196Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000047955195Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000047955194Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 
734700x800000000000000047955193Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000047955192Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000047955191Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000047955190Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 
(rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047955189Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000047955188Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000047955187Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 
734700x800000000000000047955186Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000047955185Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000047955184Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000047955183Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, 
http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000047955182Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000047955181Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000047955180Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000047955179Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 
(rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000047955178Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000047955177Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000047955176Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 
734700x800000000000000047955175Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000047955174Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000047955173Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x800000000000000047955172Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-402D-611D-3A00-00000000CA01}36083628C:\Windows\system32\conhost.exe{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047955171Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000047955170Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000047955169Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 
10341000x800000000000000047955168Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047955167Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000047955166Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:44.230{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955165Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955164Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:44.230{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955163Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955162Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:44.230{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955161Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955160Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:44.230{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955159Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955158Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:44.230{3BF36828-4019-611D-0500-00000000CA01}408356C:\Windows\system32\csrss.exe{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000047955157Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.230{3BF36828-402C-611D-3000-00000000CA01}22204860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000047955156Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.215{3BF36828-63D8-6125-54F4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{3BF36828-4019-611D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000047955155Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.151{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9049C18A3696048DE7171F31476147E2,SHA256=7CFFFFCF8314D1DB32FF3B79BFF226FB964981AA58E3EC49AD64D3803C1924E5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725283Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:45.595{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A1082CD6307831C941CEEFB1BFD7573,SHA256=9602AE538859BC760B876AAB931887C5B89DF8422256D25576DF4816B5D77698,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955393Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.948{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E67C0E98C40A3DBF0E513B0D28E2340B,SHA256=A0B65FAD9FF76E49589F87F150FFE9E557157B4202454499A93CB292A06572D7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk 
space 23542300x800000000000000047955392Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.948{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC986DBB20787105C06D3C3EA695FCA6,SHA256=EB86A731BF94A51A0F03B84E042CB6611189C7135B961CDC3D622BEBF32A9CFA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047955391Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.917{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000047955390Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.917{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000047955389Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.917{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 
(rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000047955388Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.917{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000047955387Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.917{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000047955386Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.917{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft 
WindowsValid 734700x800000000000000047955385Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.917{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000047955384Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.917{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000047955383Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000047955382Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program 
Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000047955381Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000047955380Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000047955379Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft 
Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000047955378Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000047955377Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000047955376Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000047955375Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000047955374Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000047955373Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000047955372Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000047955371Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000047955370Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000047955369Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000047955368Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® 
Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000047955367Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000047955366Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000047955365Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 
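The Event ID 10 (ProcessAccess) records in this dump show two access patterns a triage analyst sees constantly: sysmon64.exe opening svchost.exe with GrantedAccess 0x1400, and conhost.exe, csrss.exe and splunkd.exe opening their client splunk-powershell.exe with 0x1fffff. Both are normal, but the same event type is where credential dumping against lsass.exe shows up. The script below is an added example, not part of the attack_range dataset or Sysmon itself: it decodes a GrantedAccess mask into named process rights, splits the CallTrace field into frames, and triages records using an allow-list of expected source images. The BENIGN_SOURCES and SENSITIVE_TARGETS tables and the third sample record (a hypothetical dump.exe reading lsass.exe from unbacked memory) are assumptions constructed for the example; the first two sample records mirror fields from the events above.

```python
"""Triage Sysmon Event ID 10 (ProcessAccess) records.

Added example. Sample records are constructed; the first two mirror the
SourceImage / TargetImage / GrantedAccess / CallTrace fields seen in the
attack_range events, the third is a hypothetical credential-dump pattern.
"""

# Process-specific access rights (winnt.h) plus the standard rights set in 0x1fffff.
ACCESS_RIGHTS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0004: "PROCESS_SET_SESSIONID",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0080: "PROCESS_CREATE_PROCESS",
    0x0100: "PROCESS_SET_QUOTA",
    0x0200: "PROCESS_SET_INFORMATION",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x0800: "PROCESS_SUSPEND_RESUME",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
    0x2000: "PROCESS_SET_LIMITED_INFORMATION",
    0x00010000: "DELETE",
    0x00020000: "READ_CONTROL",
    0x00040000: "WRITE_DAC",
    0x00080000: "WRITE_OWNER",
    0x00100000: "SYNCHRONIZE",
}
PROCESS_ALL_ACCESS = 0x1FFFFF
# Rights that let the caller read or tamper with the target's memory.
MEMORY_RIGHTS = 0x0002 | 0x0008 | 0x0010 | 0x0020

# Assumption: processes whose memory holds credentials and deserve a closer look.
SENSITIVE_TARGETS = {"lsass.exe", "winlogon.exe"}

# Assumption: sources this environment expects to open handles with these masks.
# On the page, sysmon64.exe queries svchost.exe with 0x1400 and the console host
# opens its client with PROCESS_ALL_ACCESS; both are routine.
BENIGN_SOURCES = {
    r"c:\windows\sysmon64.exe": 0x1400,
    r"c:\windows\system32\conhost.exe": PROCESS_ALL_ACCESS,
    r"c:\windows\system32\csrss.exe": PROCESS_ALL_ACCESS,
}


def decode_granted_access(mask):
    """Return the right names set in a GrantedAccess value (int or '0x...' string)."""
    if isinstance(mask, str):
        mask = int(mask, 16)
    names = [name for bit, name in sorted(ACCESS_RIGHTS.items()) if mask & bit]
    if mask == PROCESS_ALL_ACCESS:
        names.append("PROCESS_ALL_ACCESS")
    return names


def parse_call_trace(trace):
    """Split a Sysmon CallTrace ('module+offset|module+offset|...') into (module, offset) pairs."""
    frames = []
    for frame in trace.split("|"):
        module, sep, offset = frame.rpartition("+")
        if not sep:  # e.g. 'UNKNOWN(addr)' frames carry no '+offset'
            module, offset = frame, ""
        frames.append((module, offset))
    return frames


def triage(event):
    """Return the reasons this ProcessAccess event deserves review (empty list = benign)."""
    mask = int(event["GrantedAccess"], 16)
    source = event["SourceImage"].lower()
    target = event["TargetImage"].lower().rsplit("\\", 1)[-1]
    allowed = BENIGN_SOURCES.get(source)
    if allowed is not None and (mask & ~allowed) == 0:
        return []  # expected source asking for no more than its usual rights
    reasons = []
    if target in SENSITIVE_TARGETS and mask & MEMORY_RIGHTS:
        reasons.append(f"{target} opened with memory rights {decode_granted_access(mask)}")
    unbacked = [m for m, _ in parse_call_trace(event["CallTrace"]) if m.upper().startswith("UNKNOWN")]
    if unbacked:
        reasons.append(f"{len(unbacked)} call-trace frame(s) in unbacked memory")
    return reasons


# Constructed sample records; field layout follows the Event ID 10 records above.
SAMPLE_EVENTS = [
    {   # sysmon64.exe querying svchost.exe, as on the page: benign
        "SourceImage": r"C:\Windows\sysmon64.exe",
        "TargetImage": r"C:\Windows\system32\svchost.exe",
        "GrantedAccess": "0x1400",
        "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6",
    },
    {   # conhost.exe opening its console client with PROCESS_ALL_ACCESS, as on the page: benign
        "SourceImage": r"C:\Windows\system32\conhost.exe",
        "TargetImage": r"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe",
        "GrantedAccess": "0x1fffff",
        "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7",
    },
    {   # hypothetical: a tool reading lsass memory from code not backed by any module
        "SourceImage": r"C:\Users\Public\dump.exe",
        "TargetImage": r"C:\Windows\system32\lsass.exe",
        "GrantedAccess": "0x1010",
        "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+2b860|UNKNOWN(000001F2A3B40000)",
    },
]


def run_triage(events=SAMPLE_EVENTS):
    """Triage every record and pair each SourceImage with its list of reasons."""
    return [(e["SourceImage"], triage(e)) for e in events]


if __name__ == "__main__":
    for source, reasons in run_triage():
        print(source, "->", reasons or "benign")
```

The allow-list is keyed on the full source path and caps the mask rather than matching the image name alone, so a copy of sysmon64.exe dropped elsewhere, or the real one suddenly asking for PROCESS_VM_READ, still surfaces. Tune BENIGN_SOURCES from your own baseline, not from this example.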
734700x800000000000000047955364Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000047955363Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000047955362Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000047955361Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000047955360Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x800000000000000047955359Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000047955358Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000047955357Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x800000000000000047955356Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x800000000000000047955355Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x800000000000000047955354Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft 
Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000047955353Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000047955352Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x800000000000000047955351Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-402D-611D-3A00-00000000CA01}36083628C:\Windows\system32\conhost.exe{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047955350Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000047955349Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000047955348Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000047955347Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:45.901{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955346Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047955345Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 10341000x800000000000000047955344Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955343Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:45.901{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955342Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955341Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:45.901{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955340Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955339Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:45.901{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955338Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955337Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:45.901{3BF36828-4019-611D-0500-00000000CA01}408528C:\Windows\system32\csrss.exe{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000047955336Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.901{3BF36828-402C-611D-3000-00000000CA01}22204860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000047955335Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.893{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-4019-611D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000047955334Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.886{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CD02B33381D682D4919A34FB1B1F20B5,SHA256=664F684F667329721901FF99EED8A1AB74F8DB22910DD7073A5E30A5AD5B049E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955333Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.792{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=639B23F08FA2A47E4D93587797ED0DD7,SHA256=03B884135A9D73B4F6E882C977F387D98DD014574904830EBC65B3C3DC7C0DEE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955332Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.730{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7ECD184B295AB460E0639F709F14C35B,SHA256=6117B401C8976A52E3CB2AFF71B9D75809421CDA1032EBC7445C90BBF2C0CEE9,IMPHASH=00000000000000000000000000000000falsefalse - 
insufficient disk space 23542300x800000000000000047955331Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.667{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78F564899AD20C98ECE1343BBCFD967F,SHA256=B627D022458B9D326852A37A9E4D1887F6953706FC607A576DFA22DDD0C7E2BA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047955330Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.573{3BF36828-63D9-6125-56F4-00000000CA01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000047955329Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.558{3BF36828-63D9-6125-56F4-00000000CA01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000047955328Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.558{3BF36828-63D9-6125-56F4-00000000CA01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 
(rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000047955327Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.526{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5785DE2A8161A2D70B5584AA5A36793A,SHA256=393CA6EDC4B272B6A8CD9118F40F2D3C969BA7FA9FFA937058988FF117ABC19E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955326Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.433{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4756CF23DD8B20CB222990996140E108,SHA256=45EFF7AAC81254AABCE4F39E079D7B2A2ADC9713A4D349CBAB816738005D33F7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047955325Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.401{3BF36828-63D9-6125-56F4-00000000CA01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000047955324Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:45.401{3BF36828-63D9-6125-56F4-00000000CA01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000047955323Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.401{3BF36828-63D9-6125-56F4-00000000CA01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000047955322Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.401{3BF36828-63D9-6125-56F4-00000000CA01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000047955321Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.401{3BF36828-63D9-6125-56F4-00000000CA01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000047955320Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.401{3BF36828-63D9-6125-56F4-00000000CA01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000047955319Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.401{3BF36828-63D9-6125-56F4-00000000CA01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000047955318Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.401{3BF36828-63D9-6125-56F4-00000000CA01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 
734700x800000000000000047955317Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.401{3BF36828-63D9-6125-56F4-00000000CA01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000047955316Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.401{3BF36828-63D9-6125-56F4-00000000CA01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000047955315Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.401{3BF36828-63D9-6125-56F4-00000000CA01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000047955314Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:45.401{3BF36828-63D9-6125-56F4-00000000CA01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program 
Sysmon events, one record per line, in the order of the original extract. Every record is from channel Microsoft-Windows-Sysmon/Operational with RuleName "-" and Keywords 0x8000000000000000; the remaining System-section values are constant per event type: EventID 7 ImageLoad (Version 3, Level 4, Task 7, Opcode 0), EventID 10 ProcessAccess (3, 4, 10, 0), EventID 1 ProcessCreate (5, 4, 1, 0), EventID 23 FileDelete (5, 4, 23, 0). Field order follows the Sysmon event schema; "-" is Sysmon's value for an empty version-resource field. Extraction did not preserve the boundary between Description and Product for splunk-winprintmon.exe; it is split here as "Windows Print Monitor" / "splunk Application".

[Tail of an ImageLoad record whose header precedes this extract] ImageLoaded=Files\SplunkUniversalForwarder\bin\vcruntime140.dll (path truncated) ; FileVersion=14.16.27012.6 built by: vcwrkspc ; Description=Microsoft® C Runtime Library ; Product=Microsoft® Visual Studio® 2017 ; Company=Microsoft Corporation ; OriginalFileName=vcruntime140.dll ; Hashes=MD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7E ; Signed=true ; Signature=Microsoft Corporation ; SignatureStatus=Valid
EventRecordID=47955313 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.401 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\adsldpc.dll ; FileVersion=10.0.14393.0 (rs1_release.160715-1616) ; Description=ADs LDAP Provider C DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=adsldpc ; Hashes=MD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955312 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.401 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\oleaut32.dll ; FileVersion=10.0.14393.4402 (rs1_release.210426-1725) ; Description=OLEAUT32.DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=OLEAUT32.DLL ; Hashes=MD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962F ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955311 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.401 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\winspool.drv ; FileVersion=10.0.14393.4169 (rs1_release.210107-1130) ; Description=Windows Spooler Driver ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=winspool.drv ; Hashes=MD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955310 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.401 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Program Files\SplunkUniversalForwarder\bin\archive.dll ; FileVersion=- ; Description=- ; Product=- ; Company=- ; OriginalFileName=- ; Hashes=MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193 ; Signed=true ; Signature=Splunk, Inc. ; SignatureStatus=Valid
EventRecordID=47955309 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.401 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\bcryptprimitives.dll ; FileVersion=10.0.14393.4046 (rs1_release.201028-1803) ; Description=Windows Cryptographic Primitives Library ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=bcryptprimitives.dll ; Hashes=MD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955308 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.401 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll ; FileVersion=1.0.2t ; Description=OpenSSL Shared Library ; Product=The OpenSSL Toolkit ; Company=The OpenSSL Project, http://www.openssl.org/ ; OriginalFileName=libeay32.dll ; Hashes=MD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFE ; Signed=true ; Signature=Splunk, Inc. ; SignatureStatus=Valid
EventRecordID=47955307 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.401 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll ; FileVersion=- ; Description=- ; Product=- ; Company=- ; OriginalFileName=- ; Hashes=MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72E ; Signed=true ; Signature=Splunk, Inc. ; SignatureStatus=Valid
EventRecordID=47955306 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.401 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll ; FileVersion=- ; Description=- ; Product=- ; Company=- ; OriginalFileName=- ; Hashes=MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2 ; Signed=true ; Signature=Splunk, Inc. ; SignatureStatus=Valid
EventRecordID=47955305 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.401 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\combase.dll ; FileVersion=10.0.14393.4350 (rs1_release.210407-2154) ; Description=Microsoft COM for Windows ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=COMBASE.DLL ; Hashes=MD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955304 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\ucrtbase.dll ; FileVersion=10.0.14393.3659 (rs1_release_1.200410-1813) ; Description=Microsoft® C Runtime Library ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=ucrtbase.dll ; Hashes=MD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44C ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955303 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll ; FileVersion=1.0.2t ; Description=OpenSSL Shared Library ; Product=The OpenSSL Toolkit ; Company=The OpenSSL Project, http://www.openssl.org/ ; OriginalFileName=ssleay32.dll ; Hashes=MD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63 ; Signed=true ; Signature=Splunk, Inc. ; SignatureStatus=Valid
EventRecordID=47955302 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\ole32.dll ; FileVersion=10.0.14393.4169 (rs1_release.210107-1130) ; Description=Microsoft OLE for Windows ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=OLE32.DLL ; Hashes=MD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955301 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll ; FileVersion=- ; Description=- ; Product=- ; Company=- ; OriginalFileName=- ; Hashes=MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212EC ; Signed=true ; Signature=Splunk, Inc. ; SignatureStatus=Valid
EventRecordID=47955300 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll ; FileVersion=2.9.9 ; Description=libxml2 library ; Product=libxml2 ; Company=- ; OriginalFileName=libxml2.dll ; Hashes=MD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20 ; Signed=true ; Signature=Splunk, Inc. ; SignatureStatus=Valid
EventRecordID=47955299 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\activeds.dll ; FileVersion=10.0.14393.4169 (rs1_release.210107-1130) ; Description=ADs Router Layer DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=ADs ; Hashes=MD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBB ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955298 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\ws2_32.dll ; FileVersion=10.0.14393.3241 (rs1_release_inmarket.190910-1801) ; Description=Windows Socket 2.0 32-Bit DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=ws2_32.dll ; Hashes=MD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955297 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\rpcrt4.dll ; FileVersion=10.0.14393.4350 (rs1_release.210407-2154) ; Description=Remote Procedure Call Runtime ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=rpcrt4.dll ; Hashes=MD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8E ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955296 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\sechost.dll ; FileVersion=10.0.14393.3808 (rs1_release.200707-2105) ; Description=Host for SCM/SDDL/LSA Lookup APIs ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=sechost.dll ; Hashes=MD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955295 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\msvcrt.dll ; FileVersion=7.0.14393.2457 (rs1_release_inmarket.180822-1743) ; Description=Windows NT CRT DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=msvcrt.dll ; Hashes=MD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAF ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955294 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\advapi32.dll ; FileVersion=10.0.14393.2969 (rs1_release.190503-1820) ; Description=Advanced Windows 32 Base API ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=advapi32.dll ; Hashes=MD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBC ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955293 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\gdi32full.dll ; FileVersion=10.0.14393.4350 (rs1_release.210407-2154) ; Description=GDI Client DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=gdi32 ; Hashes=MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EE ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955292 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\gdi32.dll ; FileVersion=10.0.14393.4169 (rs1_release.210107-1130) ; Description=GDI Client DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=gdi32 ; Hashes=MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00C ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955291 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\win32u.dll ; FileVersion=10.0.14393.0 (rs1_release.160715-1616) ; Description=Win32u ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=Win32u.DLL ; Hashes=MD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955290 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\user32.dll ; FileVersion=10.0.14393.4169 (rs1_release.210107-1130) ; Description=Multi-User Windows USER API Client DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=user32 ; Hashes=MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955289 ; EventID=10 ProcessAccess ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; SourceProcessGuid={3BF36828-402D-611D-3A00-00000000CA01} ; SourceProcessId=3608 ; SourceThreadId=3628 ; SourceImage=C:\Windows\system32\conhost.exe ; TargetProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; TargetProcessId=4008 ; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; GrantedAccess=0x1fffff ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventRecordID=47955288 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\KernelBase.dll ; FileVersion=10.0.14393.4350 (rs1_release.210407-2154) ; Description=Windows NT BASE API Client DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=Kernelbase.dll ; Hashes=MD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955287 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\kernel32.dll ; FileVersion=10.0.14393.4350 (rs1_release.210407-2154) ; Description=Windows NT BASE API Client DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=kernel32 ; Hashes=MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955286 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\ntdll.dll ; FileVersion=10.0.14393.4350 (rs1_release.210407-2154) ; Description=NT Layer DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=ntdll.dll ; Hashes=MD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955285 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; FileVersion=8.0.2 ; Description=Windows Print Monitor ; Product=splunk Application ; Company=Splunk Inc. ; OriginalFileName=splunk-winprintmon.exe ; Hashes=MD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748 ; Signed=true ; Signature=Splunk, Inc. ; SignatureStatus=Valid
EventRecordID=47955284 ; EventID=10 ProcessAccess ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; SourceProcessGuid={3BF36828-401B-611D-0C00-00000000CA01} ; SourceProcessId=836 ; SourceThreadId=2216 ; SourceImage=C:\Windows\system32\svchost.exe ; TargetProcessGuid={3BF36828-402C-611D-2B00-00000000CA01} ; TargetProcessId=3012 ; TargetImage=C:\Windows\sysmon64.exe ; GrantedAccess=0x1400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventRecordID=47955283 ; EventID=10 ProcessAccess ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; SourceProcessGuid={3BF36828-401B-611D-0C00-00000000CA01} ; SourceProcessId=836 ; SourceThreadId=2216 ; SourceImage=C:\Windows\system32\svchost.exe ; TargetProcessGuid={3BF36828-402C-611D-2B00-00000000CA01} ; TargetProcessId=3012 ; TargetImage=C:\Windows\sysmon64.exe ; GrantedAccess=0x1400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventRecordID=47955282 ; EventID=10 ProcessAccess ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; SourceProcessGuid={3BF36828-401B-611D-0C00-00000000CA01} ; SourceProcessId=836 ; SourceThreadId=2216 ; SourceImage=C:\Windows\system32\svchost.exe ; TargetProcessGuid={3BF36828-402C-611D-2B00-00000000CA01} ; TargetProcessId=3012 ; TargetImage=C:\Windows\sysmon64.exe ; GrantedAccess=0x1400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventRecordID=47955281 ; EventID=10 ProcessAccess ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; SourceProcessGuid={3BF36828-401B-611D-0C00-00000000CA01} ; SourceProcessId=836 ; SourceThreadId=2216 ; SourceImage=C:\Windows\system32\svchost.exe ; TargetProcessGuid={3BF36828-402C-611D-2B00-00000000CA01} ; TargetProcessId=3012 ; TargetImage=C:\Windows\sysmon64.exe ; GrantedAccess=0x1400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventRecordID=47955280 ; EventID=10 ProcessAccess ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; SourceProcessGuid={3BF36828-401B-611D-0C00-00000000CA01} ; SourceProcessId=836 ; SourceThreadId=2216 ; SourceImage=C:\Windows\system32\svchost.exe ; TargetProcessGuid={3BF36828-402C-611D-2B00-00000000CA01} ; TargetProcessId=3012 ; TargetImage=C:\Windows\sysmon64.exe ; GrantedAccess=0x1400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventRecordID=47955279 ; EventID=10 ProcessAccess ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; SourceProcessGuid={3BF36828-401B-611D-0C00-00000000CA01} ; SourceProcessId=836 ; SourceThreadId=2216 ; SourceImage=C:\Windows\system32\svchost.exe ; TargetProcessGuid={3BF36828-402C-611D-2B00-00000000CA01} ; TargetProcessId=3012 ; TargetImage=C:\Windows\sysmon64.exe ; GrantedAccess=0x1400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventRecordID=47955278 ; EventID=10 ProcessAccess ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; SourceProcessGuid={3BF36828-401B-611D-0C00-00000000CA01} ; SourceProcessId=836 ; SourceThreadId=2216 ; SourceImage=C:\Windows\system32\svchost.exe ; TargetProcessGuid={3BF36828-402C-611D-2B00-00000000CA01} ; TargetProcessId=3012 ; TargetImage=C:\Windows\sysmon64.exe ; GrantedAccess=0x1400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventRecordID=47955277 ; EventID=10 ProcessAccess ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; SourceProcessGuid={3BF36828-401B-611D-0C00-00000000CA01} ; SourceProcessId=836 ; SourceThreadId=2216 ; SourceImage=C:\Windows\system32\svchost.exe ; TargetProcessGuid={3BF36828-402C-611D-2B00-00000000CA01} ; TargetProcessId=3012 ; TargetImage=C:\Windows\sysmon64.exe ; GrantedAccess=0x1400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventRecordID=47955276 ; EventID=10 ProcessAccess ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; SourceProcessGuid={3BF36828-401B-611D-0C00-00000000CA01} ; SourceProcessId=836 ; SourceThreadId=2216 ; SourceImage=C:\Windows\system32\svchost.exe ; TargetProcessGuid={3BF36828-402C-611D-2B00-00000000CA01} ; TargetProcessId=3012 ; TargetImage=C:\Windows\sysmon64.exe ; GrantedAccess=0x1400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventRecordID=47955275 ; EventID=10 ProcessAccess ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; SourceProcessGuid={3BF36828-4019-611D-0500-00000000CA01} ; SourceProcessId=408 ; SourceThreadId=424 ; SourceImage=C:\Windows\system32\csrss.exe ; TargetProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; TargetProcessId=4008 ; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; GrantedAccess=0x1fffff ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
EventRecordID=47955274 ; EventID=10 ProcessAccess ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.386 ; SourceProcessGuid={3BF36828-402C-611D-3000-00000000CA01} ; SourceProcessId=2220 ; SourceThreadId=4860 ; SourceImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe ; TargetProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; TargetProcessId=4008 ; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; GrantedAccess=0x1fffff ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventRecordID=47955273 ; EventID=1 ProcessCreate ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.377 ; ProcessGuid={3BF36828-63D9-6125-56F4-00000000CA01} ; ProcessId=4008 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; FileVersion=8.0.2 ; Description=Windows Print Monitor ; Product=splunk Application ; Company=Splunk Inc. ; OriginalFileName=splunk-winprintmon.exe ; CommandLine="C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" ; CurrentDirectory=C:\Windows\system32\ ; User=NT AUTHORITY\SYSTEM ; LogonGuid={3BF36828-4019-611D-E703-000000000000} ; LogonId=0x3e7 ; TerminalSessionId=0 ; IntegrityLevel=System ; Hashes=MD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748 ; ParentProcessGuid={3BF36828-402C-611D-3000-00000000CA01} ; ParentProcessId=2220 ; ParentImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe ; ParentCommandLine="C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
EventRecordID=47955272 ; EventID=23 FileDelete ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.370 ; ProcessGuid={3BF36828-403F-611D-7A00-00000000CA01} ; ProcessId=4252 ; User=NT AUTHORITY\SYSTEM ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe ; TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security ; Hashes=MD5=52E247EAAA452239F1232687E5CFADF8,SHA256=63430159CE2DB761F8B1CE2E9F358688AA1A032E3A2E9A1D4D56EF683388651D,IMPHASH=00000000000000000000000000000000 ; IsExecutable=false ; Archived=false - insufficient disk space
EventRecordID=47955271 ; EventID=23 FileDelete ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.308 ; ProcessGuid={3BF36828-403F-611D-7A00-00000000CA01} ; ProcessId=4252 ; User=NT AUTHORITY\SYSTEM ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe ; TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational ; Hashes=MD5=A3F21C3A9348AE58E7C4202A955E9094,SHA256=D66181851E53DE739AB6F6A34675945D5F01E249C8496B4F3014973D943B81FA,IMPHASH=00000000000000000000000000000000 ; IsExecutable=false ; Archived=false - insufficient disk space
EventRecordID=47955270 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.043 ; ProcessGuid={3BF36828-63D8-6125-55F4-00000000CA01} ; ProcessId=3620 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe ; ImageLoaded=C:\Windows\System32\kernel.appcore.dll ; FileVersion=10.0.14393.2312 (rs1_release.180607-1919) ; Description=AppModel API Host ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=kernel.appcore.dll ; Hashes=MD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667D ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955269 ; EventID=10 ProcessAccess ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.043 ; SourceProcessGuid={3BF36828-63D8-6125-55F4-00000000CA01} ; SourceProcessId=3620 ; SourceThreadId=2264 ; SourceImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe ; TargetProcessGuid={3BF36828-402C-611D-3000-00000000CA01} ; TargetProcessId=2220 ; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe ; GrantedAccess=0x101400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventRecordID=47955268 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.043 ; ProcessGuid={3BF36828-63D8-6125-55F4-00000000CA01} ; ProcessId=3620 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe ; ImageLoaded=C:\Windows\System32\dbgcore.dll ; FileVersion=10.0.14321.1024 (debuggers(dbg).210127-1811) ; Description=Windows Core Debugging Helpers ; Product=Microsoft® Windows® Operating System ; Company=Microsoft ; OriginalFileName=DBGCORE.DLL ; Hashes=MD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2E ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955267 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:45.043 ; ProcessGuid={3BF36828-63D8-6125-55F4-00000000CA01} ; ProcessId=3620 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe ; ImageLoaded=C:\Windows\System32\dbghelp.dll ; FileVersion=10.0.14321.1024 (rs1_release.160715-1616) ; Description=Windows Image Helper ; Product=Microsoft® Windows® Operating System ; Company=Microsoft ; OriginalFileName=DBGHELP.DLL ; Hashes=MD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBE ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=30725284 ; EventID=23 FileDelete ; Computer=win-host-987.attackrange.local ; UtcTime=2021-08-24 21:25:46.692 ; ProcessGuid={B81B27B7-4024-611D-7300-00000000C801} ; ProcessId=2188 ; User=NT AUTHORITY\SYSTEM ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe ; TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational ; Hashes=MD5=837F91C31E2CD5D25633B2457A24A3FB,SHA256=F34AE081C4927C3E03D9D978C27CBDC8DAA271A7D30835393B60F2134CAF5282,IMPHASH=00000000000000000000000000000000 ; IsExecutable=false ; Archived=false - insufficient disk space
EventRecordID=47955455 ; EventID=10 ProcessAccess ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:46.745 ; SourceProcessGuid={3BF36828-63DA-6125-58F4-00000000CA01} ; SourceProcessId=172 ; SourceThreadId=6120 ; SourceImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe ; TargetProcessGuid={3BF36828-402C-611D-3000-00000000CA01} ; TargetProcessId=2220 ; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe ; GrantedAccess=0x101400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
EventRecordID=47955454 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:46.745 ; ProcessGuid={3BF36828-63DA-6125-58F4-00000000CA01} ; ProcessId=172 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe ; ImageLoaded=C:\Windows\System32\dbgcore.dll ; FileVersion=10.0.14321.1024 (debuggers(dbg).210127-1811) ; Description=Windows Core Debugging Helpers ; Product=Microsoft® Windows® Operating System ; Company=Microsoft ; OriginalFileName=DBGCORE.DLL ; Hashes=MD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2E ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955453 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:46.745 ; ProcessGuid={3BF36828-63DA-6125-58F4-00000000CA01} ; ProcessId=172 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe ; ImageLoaded=C:\Windows\System32\dbghelp.dll ; FileVersion=10.0.14321.1024 (rs1_release.160715-1616) ; Description=Windows Image Helper ; Product=Microsoft® Windows® Operating System ; Company=Microsoft ; OriginalFileName=DBGHELP.DLL ; Hashes=MD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBE ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955452 ; EventID=23 FileDelete ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:46.698 ; ProcessGuid={3BF36828-403F-611D-7A00-00000000CA01} ; ProcessId=4252 ; User=NT AUTHORITY\SYSTEM ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe ; TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security ; Hashes=MD5=E558603C5F6AF92A3439A37D1837222A,SHA256=267DF6BA59F895C7B321018AEDE2A9D52D5E8DFA268FE9B6F6EACB7BDEF4ADBA,IMPHASH=00000000000000000000000000000000 ; IsExecutable=false ; Archived=false - insufficient disk space
EventRecordID=47955451 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:46.605 ; ProcessGuid={3BF36828-63DA-6125-58F4-00000000CA01} ; ProcessId=172 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe ; ImageLoaded=C:\Windows\System32\cryptbase.dll ; FileVersion=10.0.14393.0 (rs1_release.160715-1616) ; Description=Base cryptographic API DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=cryptbase.dll ; Hashes=MD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955450 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:46.605 ; ProcessGuid={3BF36828-63DA-6125-58F4-00000000CA01} ; ProcessId=172 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe ; ImageLoaded=C:\Windows\System32\rsaenh.dll ; FileVersion=10.0.14393.2969 (rs1_release.190503-1820) ; Description=Microsoft Enhanced Cryptographic Provider ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=rsaenh.dll ; Hashes=MD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955449 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:46.605 ; ProcessGuid={3BF36828-63DA-6125-58F4-00000000CA01} ; ProcessId=172 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe ; ImageLoaded=C:\Windows\System32\cryptsp.dll ; FileVersion=10.0.14393.2969 (rs1_release.190503-1820) ; Description=Cryptographic Service Provider API ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=cryptsp.dll ; Hashes=MD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955448 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:46.605 ; ProcessGuid={3BF36828-63DA-6125-58F4-00000000CA01} ; ProcessId=172 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe ; ImageLoaded=C:\Windows\System32\srvcli.dll ; FileVersion=10.0.14393.0 (rs1_release.160715-1616) ; Description=Server Service Client DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=SRVCLI.DLL ; Hashes=MD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955447 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:46.589 ; ProcessGuid={3BF36828-63DA-6125-58F4-00000000CA01} ; ProcessId=172 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe ; ImageLoaded=C:\Windows\System32\bcrypt.dll ; FileVersion=10.0.14393.4046 (rs1_release.201028-1803) ; Description=Windows Cryptographic Primitives Library ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=bcrypt.dll ; Hashes=MD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238D ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955446 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:46.589 ; ProcessGuid={3BF36828-63DA-6125-58F4-00000000CA01} ; ProcessId=172 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe ; ImageLoaded=C:\Windows\System32\wkscli.dll ; FileVersion=10.0.14393.0 (rs1_release.160715-1616) ; Description=Workstation Service Client DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=WKSCLI.DLL ; Hashes=MD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366A ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955445 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:46.589 ; ProcessGuid={3BF36828-63DA-6125-58F4-00000000CA01} ; ProcessId=172 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe ; ImageLoaded=C:\Windows\System32\netutils.dll ; FileVersion=10.0.14393.0 (rs1_release.160715-1616) ; Description=Net Win32 API Helpers DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=NETUTILS.DLL ; Hashes=MD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955444 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:46.589 ; ProcessGuid={3BF36828-63DA-6125-58F4-00000000CA01} ; ProcessId=172 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe ; ImageLoaded=C:\Windows\System32\netapi32.dll ; FileVersion=10.0.14393.0 (rs1_release.160715-1616) ; Description=Net Win32 API DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=NetApi32.DLL ; Hashes=MD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955443 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:46.589 ; ProcessGuid={3BF36828-63DA-6125-58F4-00000000CA01} ; ProcessId=172 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe ; ImageLoaded=C:\Windows\System32\kernel.appcore.dll ; FileVersion=10.0.14393.2312 (rs1_release.180607-1919) ; Description=AppModel API Host ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=kernel.appcore.dll ; Hashes=MD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667D ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955442 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:46.589 ; ProcessGuid={3BF36828-63DA-6125-58F4-00000000CA01} ; ProcessId=172 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe ; ImageLoaded=C:\Windows\System32\Wldap32.dll ; FileVersion=10.0.14393.3269 (rs1_release.190929-1234) ; Description=Win32 LDAP API DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=WLDAP32.DLL ; Hashes=MD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955441 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:46.589 ; ProcessGuid={3BF36828-63DA-6125-58F4-00000000CA01} ; ProcessId=172 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe ; ImageLoaded=C:\Windows\System32\adsldpc.dll ; FileVersion=10.0.14393.0 (rs1_release.160715-1616) ; Description=ADs LDAP Provider C DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=adsldpc ; Hashes=MD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid
EventRecordID=47955440 ; EventID=7 ImageLoad ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:25:46.589 ; ProcessGuid={3BF36828-63DA-6125-58F4-00000000CA01} ; ProcessId=172 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe ; ImageLoaded=C:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll ; FileVersion=14.16.27012.6 built by: vcwrkspc ; Description=Microsoft® C Runtime Library ; Product=Microsoft® Visual Studio® 2017 ; Company=Microsoft [record truncated here in the extract]
Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000047955439Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000047955438Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000047955437Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000047955436Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000047955435Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000047955434Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000047955433Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000047955432Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000047955431Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000047955430Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000047955429Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft 
WindowsValid 734700x800000000000000047955428Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x800000000000000047955427Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000047955426Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000047955425Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 
(rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000047955424Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000047955423Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000047955422Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft 
Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000047955421Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000047955420Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000047955419Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000047955418Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000047955417Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047955416Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000047955415Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-402D-611D-3A00-00000000CA01}36083628C:\Windows\system32\conhost.exe{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047955414Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000047955413Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000047955412Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 
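The field delimiters in these records were lost in extraction, but the System header of every record is still recoverable without them: Sysmon writes Task equal to EventID and always the Keywords value 0x8000000000000000, so a pattern anchored on that literal, with a back-reference forcing Task to repeat the EventID, finds each record start unambiguously (734700x8000… is EventID 7, Version 3, Level 4, Task 7, Opcode 0; 10341000x8000… is EventID 10). Inside EventData only fields bounded by a distinctive token can be recovered safely: the {GUID}, the process ID that follows it, and the MD5=/SHA256=/IMPHASH= labels. The Python below is an added example, not part of this dataset or of any Sysmon tooling; it assumes only the schema visible on the page, and its sample input is three records copied verbatim from this page (record IDs 47955415, 47955414 and 30725285). It deliberately refuses to split the Event ID 10 process and thread IDs, whose digits run together (36083628) with nothing marking the boundary.

```python
"""Recover structure from the delimiter-stripped Sysmon records on this page.

Added example, not part of the original export. Each record's System header can be
found without delimiters because Sysmon sets Task equal to EventID and always writes
Keywords 0x8000000000000000; inside EventData only fields bounded by a distinctive
token ({GUID}, the MD5=/SHA256=/IMPHASH= labels) are recovered, the rest is kept raw."""
import re
from collections import Counter

HEADER = re.compile(
    r"(?<!\d)(?P<eid>\d+)(?P<ver>\d)(?P<level>\d)(?P=eid)0"  # EventID Version Level Task(=EventID) Opcode
    r"0x8000000000000000(?P<rid>\d+)"                         # Keywords, EventRecordID
    r"Microsoft-Windows-Sysmon/Operational"                   # Channel
    r"(?P<computer>[\w.-]+?)-"                                # Computer, then RuleName "-"
    r"(?P<utc>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})")        # UtcTime
PROCESS = re.compile(r"^\{(?P<guid>[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12})\}(?P<pid>\d+)(?=\D)")
HASHES = re.compile(r"MD5=(?P<MD5>[0-9A-F]{32}),SHA256=(?P<SHA256>[0-9A-F]{64}),IMPHASH=(?P<IMPHASH>[0-9A-F]{32})")
# Event ID 10 packs SourceProcessId and SourceThreadId back to back ("36083628"); the
# split is not recoverable from the text, so the PID is reported as unknown, not guessed.
FUSED_PID_EVENTS = {10}


def split_records(text):
    """Yield one dict per record: header fields, process GUID/PID where recoverable, hashes, raw body."""
    heads = list(HEADER.finditer(text))
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = text[m.end():end].strip()
        rec = {"EventID": int(m["eid"]), "Version": int(m["ver"]), "Level": int(m["level"]),
               "EventRecordID": int(m["rid"]), "Computer": m["computer"], "UtcTime": m["utc"],
               "ProcessGuid": None, "ProcessId": None, "Hashes": None, "body": body}
        p = PROCESS.match(body)
        if p:
            rec["ProcessGuid"] = p["guid"]
            rec["ProcessId"] = None if rec["EventID"] in FUSED_PID_EVENTS else int(p["pid"])
        h = HASHES.search(body)
        if h:
            rec["Hashes"] = h.groupdict()
        yield rec


def summarize(text):
    """Count records per (Computer, EventID): the first question to ask of a dump like this."""
    return Counter((r["Computer"], r["EventID"]) for r in split_records(text))


# Sample input: three records copied verbatim from this page (IDs 47955415, 47955414, 30725285).
SAMPLE_DUMP = (
    r"10341000x800000000000000047955415Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-"
    r"2021-08-24 21:25:46.589{3BF36828-402D-611D-3A00-00000000CA01}36083628C:\Windows\system32\conhost.exe"
    r"{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"
    r"0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|"
    r"C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|"
    r"C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 "
    r"734700x800000000000000047955414Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-"
    r"2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder"
    r"\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)"
    r"Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dll"
    r"MD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,"
    r"IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid "
    r"23542300x800000000000000030725285Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-"
    r"2021-08-24 21:25:47.727{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files"
    r"\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk"
    r"\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34871F90EBB1E9512A08AFB93FB3B5DF,"
    r"SHA256=E4F2EBBD27AB2D2603FEE68FB25E16CFFC264A5A5D1B35EA052616EBCAD251EC,"
    r"IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space"
)

if __name__ == "__main__":
    for rec in split_records(SAMPLE_DUMP):
        print(rec["Computer"], rec["EventID"], rec["EventRecordID"], rec["ProcessId"], rec["Hashes"])
```

Run over the whole page, summarize() gives the per-host breakdown by Event ID, and the Hashes dict is the part worth keeping: for the Event ID 23 records it is the only artifact left of files that Sysmon could not archive.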
10341000x800000000000000047955411Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955410Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 
734700x800000000000000047955409Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x800000000000000047955408Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.589{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955407Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:46.589{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955406Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.573{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955405Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:46.573{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955404Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.573{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955403Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:46.573{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955402Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.573{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955401Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:46.573{3BF36828-4019-611D-0500-00000000CA01}408424C:\Windows\system32\csrss.exe{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000047955400Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.573{3BF36828-402C-611D-3000-00000000CA01}22204860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000047955399Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.574{3BF36828-63DA-6125-58F4-00000000CA01}172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-4019-611D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000047955398Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.511{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D7B0B3A988D4C5C21BC6B68F41B25EBA,SHA256=3276F8056080289CD99693BD14F03585CD049E1A1F9B749DF084CFB2EC3FDA41,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
734700x800000000000000047955397Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.058{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid
734700x800000000000000047955396Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.042{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid
734700x800000000000000047955395Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.042{3BF36828-63D9-6125-57F4-00000000CA01}5288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid
23542300x800000000000000047955394Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:46.011{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DDC068DE2245A350BADE73D1DDFEBD80,SHA256=C77C2CFF83FC4C57A2606BC43FF2A7C20E56322EDBDC3EA8A2DD8B2191EAF079,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000030725285Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:47.727{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34871F90EBB1E9512A08AFB93FB3B5DF,SHA256=E4F2EBBD27AB2D2603FEE68FB25E16CFFC264A5A5D1B35EA052616EBCAD251EC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047955521Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.542{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98376BA3013322259A04B066DF004B4B,SHA256=2C2626DBEAEEC11596B405DEEE4D9E3956714C13ECC98D32BA6C640A9C991414,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047955520Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.511{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=ACF7EE864C1ADE75445A4DF341CB16EC,SHA256=BE75C01580E65D5BD627749E5A474D01C16455E971BFE5D7C0D6EEE56C43EF13,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047955519Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.448{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DDFDB4238A75D32E295A94F1798CBBB9,SHA256=3F7366B173F5A1816355C54C32358140AC310DF4E7D3E1A78CC96805E0FC21E9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047955518Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.386{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B324B184EA00A7D2F204C983988DDDFF,SHA256=FC1E50B50B945E164E984D5B9D46FF0FE0471E5AEC85794EF213E0B91E9FFA91,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047955517Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.308{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3CDB86E7E9A9A8230D67FEF24E57B9CF,SHA256=D02FCD6EB6814E22F119126F6D67AA33A9E9E0247A13BC701571A2B1DBE56DF9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
734700x800000000000000047955516Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.276{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid
10341000x800000000000000047955515Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.276{3BF36828-63DB-6125-59F4-00000000CA01}1082744C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000047955514Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.276{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=877E6B60F7121385DB9915033F9E5E24,SHA256=030B30E0021CFBE9DAF0B6F7DAA1D770ABBD2F777B7CC1588131F4863513667C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
734700x800000000000000047955513Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.261{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid
734700x800000000000000047955512Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.261{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid
23542300x800000000000000047955511Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.183{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F7F444B251D5D7F04D078615AB64887F,SHA256=EB0E695F26C7D3FB43B1D9E4F70034CB4632E8B83059AA09F04AFD1EBA37A891,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
734700x800000000000000047955510Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.136{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid
734700x800000000000000047955509Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.136{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid
734700x800000000000000047955508Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.136{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid
734700x800000000000000047955507Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.136{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid
734700x800000000000000047955506Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.120{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid
734700x800000000000000047955505Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.120{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid
734700x800000000000000047955504Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.120{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid
734700x800000000000000047955503Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.120{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid
734700x800000000000000047955502Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.120{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid
734700x800000000000000047955501Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.120{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid
734700x800000000000000047955500Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid
734700x800000000000000047955499Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid
734700x800000000000000047955498Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid
734700x800000000000000047955497Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid
734700x800000000000000047955496Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid
734700x800000000000000047955495Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid
734700x800000000000000047955494Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid
734700x800000000000000047955493Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid
734700x800000000000000047955492Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid
734700x800000000000000047955491Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid
734700x800000000000000047955490Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid
734700x800000000000000047955489Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid
734700x800000000000000047955488Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid
734700x800000000000000047955487Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid
734700x800000000000000047955486Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid
734700x800000000000000047955485Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid
734700x800000000000000047955484Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid
734700x800000000000000047955483Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid
734700x800000000000000047955482Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid
734700x800000000000000047955481Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid
734700x800000000000000047955480Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid
734700x800000000000000047955479Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid
734700x800000000000000047955478Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid
734700x800000000000000047955477Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid
734700x800000000000000047955476Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid
734700x800000000000000047955475Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid
10341000x800000000000000047955474Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-402D-611D-3A00-00000000CA01}36083628C:\Windows\system32\conhost.exe{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
734700x800000000000000047955473Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid
734700x800000000000000047955472Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid
10341000x800000000000000047955471Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000047955470Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000047955469Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000047955468Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000047955467Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
734700x800000000000000047955466Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid
10341000x800000000000000047955465Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000047955464Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:47.105{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047955463Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25trueSplunk, Inc.Valid 10341000x800000000000000047955462Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:47.105{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955461Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955460Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:47.105{3BF36828-4019-611D-0500-00000000CA01}408424C:\Windows\system32\csrss.exe{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000047955459Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.105{3BF36828-402C-611D-3000-00000000CA01}22204860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000047955458Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.094{3BF36828-63DB-6125-59F4-00000000CA01}108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-4019-611D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000047955457Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.089{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A30277EE05DBAD23C0520A3EA5B08A6F,SHA256=B967A62D87CA70FAB2C85371B14C288C99005A1DAA962CA1ECD5D6B8BE373B57,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955456Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:47.058{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B3C5DD11CB70E81A7216CBDE79A29471,SHA256=22D4BF1914E963FD325F5060D422B9B9EC186DB2C5D07A0B3A7600F299DE7B4D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725287Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:48.742{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60CF16052A86FCAEFBC0E43FCCB0CCE3,SHA256=F7DC0CD2BA2A9573FC4A143C83804756EFC4AE5559139C6711179BEFA5570DC4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047955524Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:44.031{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53774-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047955523Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:48.558{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7848923BE20CA755DDE828838DEB6DC,SHA256=543626CCBAC6A5A53ACD3A864BBD4CC5A613608E41A9C5650C9A591AF59D4E79,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725286Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:53.103{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58854-false10.0.1.12-8000- 23542300x800000000000000047955522Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:48.183{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5A7B933F923CCD4EE63E67A3F2BD93D9,SHA256=6201CE4A97D2FC179DD291EE30956008D9B3AB4750A02966E3DA9B2CB8392BCB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725288Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:49.756{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F3A978252AC652506021179A29DEC591,SHA256=1DD020F99803755D79D737F09E7CCC54EEE69B900B64F1D305E4C5087B45CD72,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955526Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:49.605{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7158127FFE67CA9CABD2180FBF08DD20,SHA256=C800D039D0B42D5E656A352B1D5E0B13220C3BBC769C6E58ED2B4BCA077F268D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955525Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:49.433{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1C8BA65B697984E613EDE0FFBAD18C5F,SHA256=FE6F9552010014838D8EEC9DCDCAA7512ACAA12D34F5102A7EFCBE7100316CD1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955528Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:25:50.776{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BE5B8496F4A421C06062E7BF522FE1F4,SHA256=836F033DF3754A31EA8597D63392AE590D28F4FCA8525BBEF4320DA289D868E0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955527Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:50.776{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6DA44439CEE228317499BD37A02D7DB6,SHA256=8F6780B3589AB9A90399E6A3D32227EB6DE0F2F4E39A098E72E9986B5018191D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725289Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:50.771{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE392E02C12AFA733E8743ABCE838662,SHA256=225954259ABC53927278B26DBF7AA34D82AB4CE8553EFB60BE52B0E560AC89CA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955530Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:51.917{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=29D7A73D0A15A204775C35D4CDAD0950,SHA256=40692CDE0D4804709FBFE413A80B2B626B8AF0ADE767CFE7F9A2979DA1ECF042,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955529Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:51.917{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF5F0ED2A64D00E2767F61656534AF01,SHA256=7C3F367CE8422BE74130B2AC8A76DD1E2D515288BD3576533E367F0D47A4E41E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725290Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:51.789{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC6796505A09538CA7ACD14CF7172C88,SHA256=EE5FC04B6F476A36C636E9D8E407D00F57B20F9FC4C93B10B3D4F6634F267556,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725291Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:52.822{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D2AFB9BCF8AAA58DDDDA9DE6E979094,SHA256=9237C43226E4E4231BC75011AAD9551B146B83071B84D0617A2B860E6009847B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
10341000x800000000000000047955531Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:52.808{3BF36828-401B-611D-0D00-00000000CA01}8962320C:\Windows\system32\svchost.exe{3BF36828-401B-611D-0F00-00000000CA01}296C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000030725293Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:53.852{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D8B7AAAD02A9EE0F6CD2D55B3DA80FBA,SHA256=5E25CC8A7154F86AACDB68621E7061E0C3643476CC51752DDA9D79EA6BD23F77,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047955534Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:49.968{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53775-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047955533Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:53.573{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1C5B5E04AB91B9F8449BF030F4B52A50,SHA256=47B435D181FF0A173C22EA23158B094CD265B1013CEF3B2E9AD233EAF965E327,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955532Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:53.151{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE7E409ACF43918F83064A1E0BAFFDD3,SHA256=0AE0DF8D1394F0ED7635DFF21D8C90452B13D0DBD580110B56AF2ED533FFA011,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725292Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:58.998{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58855-false10.0.1.12-8000- 23542300x800000000000000047955536Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:54.714{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=85A3F78A9CEED092990CB563D5D4DF0C,SHA256=06087B5B68CA8E81667EF081C4850934832FE950E9A4B4698842CABAD9848FB8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955535Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:25:54.230{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=418726077B8E471B4EB52882AE8F6A23,SHA256=902F31C9FA80AD70D656DE7462D8D0ADD901FB456B502B37AEFE4D3C1C40F35E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000030725324Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:54.767{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4012-611D-0B00-00000000C801}636C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725323Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:25:54.767{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4012-611D-0B00-00000000C801}636C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725322Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:54.767{B81B27B7-4012-611D-0B00-00000000C801}6361736C:\Windows\system32\lsass.exe{B81B27B7-4013-611D-1600-00000000C801}1196C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725321Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:25:54.736{B81B27B7-4013-611D-1600-00000000C801}11966328C:\Windows\system32\svchost.exe{B81B27B7-63E2-6125-6700-01000000C801}5176C:\Windows\system32\wbem\wmiprvse.exe0x101541C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+20fee|C:\Windows\system32\wbem\wmiprvsd.dll+43f7|C:\Windows\system32\wbem\wmiprvsd.dll+3ef6a|C:\Windows\system32\wbem\wmiprvsd.dll+1498a|C:\Windows\system32\wbem\wmiprvsd.dll+146e6|C:\Windows\system32\wbem\wmiprvsd.dll+140fe|C:\Windows\system32\wbem\wbemcore.dll+b920|C:\Windows\system32\wbem\wbemcore.dll+255ff|C:\Windows\system32\wbem\wbemcore.dll+24a9a|C:\Windows\system32\wbem\wbemcore.dll+2485e|C:\Windows\system32\wbem\wbemcore.dll+dc51|C:\Windows\system32\wbem\wbemcore.dll+2cfdf|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725320Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:25:54.736{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-63E2-6125-6700-01000000C801}5176C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725319Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:54.721{B81B27B7-4012-611D-0500-00000000C801}420984C:\Windows\system32\csrss.exe{B81B27B7-63E2-6125-6700-01000000C801}5176C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030725318Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:25:54.721{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-63E2-6125-6700-01000000C801}5176C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725317Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:25:54.689{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4012-611D-0B00-00000000C801}636C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 
23542300x800000000000000030725341Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:02.458{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=963D9B0F53B431BA3CDCA1195667ACC6,SHA256=29C710F3EFD5A4AABA336A7231262908ADD5EF3EB29645FEF091A8401BBC3892,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955553Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:03.595{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6AB366670EAD8113F595AD88149352D0,SHA256=6947E2EA176D8A00CD1816168B97B742B9D4F628951D9BBE81C77708D19239C4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000030725350Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:03.857{B81B27B7-4014-611D-3000-00000000C801}31443164C:\Windows\system32\conhost.exe{B81B27B7-63EB-6125-6900-01000000C801}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725349Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:26:03.857{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725348Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:03.857{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725347Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:26:03.857{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725346Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:03.857{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725345Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:26:03.857{B81B27B7-4012-611D-0500-00000000C801}420436C:\Windows\system32\csrss.exe{B81B27B7-63EB-6125-6900-01000000C801}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030725344Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:03.857{B81B27B7-4013-611D-2700-00000000C801}20763760C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-63EB-6125-6900-01000000C801}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030725343Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:03.842{B81B27B7-63EB-6125-6900-01000000C801}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-4012-611D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030725342Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:03.475{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED7D667F2E174263328ECAB9C08F0876,SHA256=CF0F06DD055C9EDAFC2EF4ABD1C92F6E76C96D293ED343FC7F9BAD8ADDE58574,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955555Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:04.626{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E2200AED2820EB42F8CF30DCF2D7F9F9,SHA256=4078ACEFD75E79E09E48F1A3915460E34AF534DF3B945B1AA6AB67A96F7E7142,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725362Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:04.875{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8DC92F5E25EBA0A54A286A21B2FF7B99,SHA256=37B0BE379C8A003B40389A7E24B84B185F82AE3BD3E59485AC6425D5C77ACE52,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725361Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:04.875{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6308AD1CCFAFC0865C384572F0C24B5A,SHA256=44B902ED2A55FEE23B5BD2CE97DFE62CC2667EB44E183CF87160A24BC38753EC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000030725360Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:04.556{B81B27B7-4014-611D-3000-00000000C801}31443164C:\Windows\system32\conhost.exe{B81B27B7-63EC-6125-6A00-01000000C801}6624C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725359Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:26:04.556{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725358Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:04.556{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725357Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:26:04.556{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725356Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:04.556{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725355Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:26:04.556{B81B27B7-4012-611D-0500-00000000C801}420536C:\Windows\system32\csrss.exe{B81B27B7-63EC-6125-6A00-01000000C801}6624C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030725354Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:04.556{B81B27B7-4013-611D-2700-00000000C801}20763760C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-63EC-6125-6A00-01000000C801}6624C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030725353Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:04.541{B81B27B7-63EC-6125-6A00-01000000C801}6624C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK 
driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-4012-611D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030725352Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:04.525{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=17AC3E8777B08146CB9D7EA5411A3287,SHA256=FD080A437F935B6D9DAF7C7ABB38BA17A45D5ED83F56D9A277F1F37B25B9AB4E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955554Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:04.048{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CE13D66BA682A32FC9C6C32A749E3D29,SHA256=3FB8604A8ED0046444AEA6F2D6F34C618C1DECFDF5DC2AEAE5DC97CEA88861FE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000030725351Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:04.025{B81B27B7-63EB-6125-6900-01000000C801}24164316C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000047955560Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:05.845{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85D7397BEAF418E0E74F0F73470DC865,SHA256=A031BA8FC8F1A826563739C6D2A1D224F056E30BF1E9DDFABD7903F679995E3D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725364Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:09.969{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58857-false10.0.1.12-8000- 23542300x800000000000000030725363Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:05.540{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D8F69B3D502F24609ADF3232C16B8C0F,SHA256=45975A19D3DC7E2CEA56D1796A68D60706213EDF4F4FD4A4480470B932E0CE64,IMPHASH=00000000000000000000000000000000falsefalse - 
insufficient disk space 23542300x800000000000000047955559Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:05.470{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=14D07C1418DBAA242ED32EDB5BC3CA96,SHA256=237C6F424E7A265129D365DEB8531755A723A6078203DDF4C7F7E9A3C3150555,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047955558Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:01.818{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local53778-true0:0:0:0:0:0:0:1win-dc-128.attackrange.local389ldap 354300x800000000000000047955557Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:01.818{3BF36828-402C-611D-2900-00000000CA01}2928C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local53778-true0:0:0:0:0:0:0:1win-dc-128.attackrange.local389ldap 354300x800000000000000047955556Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:00.989{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53777-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047955562Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:06.907{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=229B9577FB5AEE6C078822825E4ABDFA,SHA256=9EAC3D08FE14A04B1A010B64DEB5FF573E982B31DBA1648D46191B58576183BC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725365Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:06.554{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10DAC63C94D80542B6394C97D0D7BC7F,SHA256=6FD12BE960A27107AFBC33C3F3486112719B3DC23E5CE944BF95822CCFC93DAE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955561Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:06.626{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B740DCC6A058664853AA2D1F2CB9919A,SHA256=0F7C17E74DC49191ADC90F038B1EBCBF9C9C33BC07E51054327034174F76E7CC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725366Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:07.572{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF5B9E9B76D8181ED8316556344D353D,SHA256=5A33C4F2EB11FA26BF9CEB167AA8D248ED1D1B8007AF7320F817049C6B76E203,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047955563Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:07.766{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5BBF18A5F6E20277D83B26D535CC249F,SHA256=878ED36390774C43247D163279FC21F9355AB5A729336E6E2F3D137CED3E7EBD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725367Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:08.606{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=958D65B5B1C0FAB216CB0DAD9834E1FD,SHA256=68A20DD4159747821E06A617B301A510352357B218DE8A298318C3B383CA5EC3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955564Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:08.095{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=14303C7F3FADFD073CC40D84988BF18C,SHA256=86361E852CB59241DF1484BE33D21A1EBEA67B7BD35BE9DE5F2E9A5F970B6B93,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725368Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:09.621{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D90630B8EAA7F20030C150E1AB78795,SHA256=9D6490C06E1B4E201D28B520233A8E5A02C54ABDBC31A4B0B9148156EB14F56A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955566Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:09.235{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E9045FA6166E014A1458364270901DE7,SHA256=5EBF81C7E5755F54BA12138AC4933E15B5109CCED9D81C14C4120F169250EEC4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955565Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:09.110{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B2FB1691795BF12DB58443923634C2D,SHA256=8391B45D434C21A8397DB76B2A658E558637FC5F3ABA855A2E3289631A8F5AD0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725370Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:10.636{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF3CE77D6D1E8E896FA99FEC702B75A1,SHA256=031D04C6E7E152C8E29AF49D0C0131CC773BAD9DB86089DA2BFFB80FDFB23DC1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047955569Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:10.376{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=53A9C6BFDA5CAF66E3FF270C055EECAD,SHA256=88D36B8C6E65244443A3E9580530DC4985CD5968A74798661C0FAB52570AF019,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047955568Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:06.021{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53779-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047955567Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:10.126{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=96D35D20795456A707BAC3933111D325,SHA256=D90FA1EA10F91F7108B2EF349A53339A172A40BAFA670BA99F9C60FB97C3FC80,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725369Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:15.066{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58858-false10.0.1.12-8000- 23542300x800000000000000030725371Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:11.670{B81B27B7-4024-611D-7300-00000000C801}2188NT 
AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=574A5CAC533B2F301429ECA5E73E1192,SHA256=802EFA05F4AAF5CB91D8DD057B25FF321A44574F2CEF8C595733B602F46DC140,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955572Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:11.579{3BF36828-402C-611D-3000-00000000CA01}2220NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9D45E1BDB6F237A6CF51FFC6A12E6130,SHA256=87EEE278CDF62B2B86AF9CB87BDB04BAFB10272CEA175D83979B0C43158C5AB9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955571Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:11.391{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=89706E83A8F5BA15D1A7B4E66C6E41DD,SHA256=29BAF979D03B26D327732106D96072ABF25F61F055C920A0BD03E037B3F21FE2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955570Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:11.173{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8B291096899E52A764C23238C0ECDFD,SHA256=5A5235F98DCFD63CEBAF160A6C3CCE3B41ACEF047995A562F638A5A714F3BF83,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000030725372Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:12.704{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB1B35BE8F1F5FDEC05333A5A077A3C9,SHA256=4AAD1E330428497FBC96006C2A6F0EBE2FCADF6D92F062074723B9AF31B3BF60,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955574Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:12.532{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=42DBD99BD97EFAFC96FD6EC5C8B7D9DD,SHA256=16BC6E4B0CEF6115052322BAE1A9A142B9F41FCEF33EDBB1DDB9B86383982354,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955573Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:12.173{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B61C4282D47AEA6763A6F660ED158A21,SHA256=36BF9AAEDF7DAE9D9CD3169A73BB41A5F8B969D9137F68B2F77A89DCBBABF464,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725382Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:13.719{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D15CCF45BBA4A1A01D5ACD422A8A2D56,SHA256=4ABE8ABF2D066710C2BA34E87EEFBEA73C7CDBE3B429ABD613F27FD15AE7F26F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955577Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:13.673{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=57CFA330641E639C39C840814D37C829,SHA256=47E90012818FE706CE30A27097ADCADCE56E21DA357CB0FDEF88B9447C2B8E58,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047955576Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:09.396{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53780-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8089- 23542300x800000000000000047955575Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:13.204{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=636AF0E50799ECE2A20BE051F1EB70E4,SHA256=06AF0DE4ECBE199F965D86DB3D92F550F749FE18D3D0D5BD6E030F97D3547C0E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000030725381Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:13.487{B81B27B7-63F5-6125-6B00-01000000C801}66124444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725380Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:13.335{B81B27B7-4014-611D-3000-00000000C801}31443164C:\Windows\system32\conhost.exe{B81B27B7-63F5-6125-6B00-01000000C801}6612C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725379Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:13.335{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 
10341000x800000000000000030725378Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:13.335{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725377Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:13.335{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725376Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:26:13.335{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725375Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:13.335{B81B27B7-4012-611D-0500-00000000C801}420984C:\Windows\system32\csrss.exe{B81B27B7-63F5-6125-6B00-01000000C801}6612C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030725374Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:13.335{B81B27B7-4013-611D-2700-00000000C801}20763760C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-63F5-6125-6B00-01000000C801}6612C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030725373Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:13.320{B81B27B7-63F5-6125-6B00-01000000C801}6612C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-4012-611D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030725393Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:14.733{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A295179E2B017341CD91AECD30EC78C0,SHA256=A7EE9D2BE6F4F45C3CF1C86D9F537A629BC01C51EDA53F103FCECD2957915D17,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955579Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:14.938{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9D97D679A896BCCA2888C723E8CE409A,SHA256=72E99142A4F87E7DFE4A7BA2196F3202E08A343E236CBE4E5D4C84F9584B77C3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955578Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:14.220{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDF23ADF1E27B4BDC45333B13FFE95E5,SHA256=9B0ED6DF35BC88794FAE09C4E1883517FF7233085179692496B718301122E6CF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725392Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:14.549{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1925D9CFB82642DCAFBFAC6970747D41,SHA256=11CD6977D3305CDBBF4C6638935264160670E483658CA68672BB5C8CD95FBB69,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725391Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:14.549{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8DC92F5E25EBA0A54A286A21B2FF7B99,SHA256=37B0BE379C8A003B40389A7E24B84B185F82AE3BD3E59485AC6425D5C77ACE52,IMPHASH=00000000000000000000000000000000falsefalse - insufficient 
disk space 10341000x800000000000000030725390Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:14.034{B81B27B7-4014-611D-3000-00000000C801}31443164C:\Windows\system32\conhost.exe{B81B27B7-63F6-6125-6C00-01000000C801}5688C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725389Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:14.034{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725388Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:26:14.034{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725387Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:14.034{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725386Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:26:14.034{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725385Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:14.034{B81B27B7-4012-611D-0500-00000000C801}420984C:\Windows\system32\csrss.exe{B81B27B7-63F6-6125-6C00-01000000C801}5688C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030725384Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:14.034{B81B27B7-4013-611D-2700-00000000C801}20763760C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-63F6-6125-6C00-01000000C801}5688C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030725383Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:14.019{B81B27B7-63F6-6125-6C00-01000000C801}5688C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-4012-611D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030725394Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:15.748{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8C8C4E90C11249E66AE2B6A26952BB9,SHA256=E164BDDB03058CF5E71EFA2CFA547B419913FB96BA70F75C3A71AE04586AE919,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
354300x800000000000000047955581Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:11.912{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53781-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047955580Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:15.235{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8707EC835EB6DC78F604347906F10360,SHA256=D93BD9BE9BF3183B55E8D5C46D4AD2D77FE981577AC577CD83CDF8871D702737,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725396Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:21.077{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58859-false10.0.1.12-8000- 23542300x800000000000000030725395Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:16.769{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=852E72912FD5EEA074255CF2904F3CD6,SHA256=A40692785F2F69BF75FA871BAB3FF9BF93CC1CFFDBDBBF850B4A9967D4070410,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955583Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:16.646{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EABE71FF6DC33E67C8907BA212F679D8,SHA256=ADEB9C1F94CFB256B6AFCC5E5DF6A74975E02782156A0B8243A8CF44C7FEBB4B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955582Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:16.255{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CBF62FA6574E78C0D5E1DD6F42EB1DE8,SHA256=36A54DBD9236EDD94A4CB1F5AE7014C0F3686896460124B3700C1D8AA3C4760F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725397Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:17.815{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=95A206C38F77BA32DD551FD379852156,SHA256=545A039D866B9D580DAF91B3EEC406BBAD1502A571530227DAE00410284D06FC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955585Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:17.708{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=82310231B2706D8D0725F61B24720BA9,SHA256=BC7F0B9E9A15294CA4CA55BC2E0C79FF85DBC521769878D8386A2AF4F890D241,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955584Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:17.271{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98A45EA1FB6910295A98F0AFB5D0BC7F,SHA256=6F99693BCC4B4F5C97FF2AA4839B45F844683E2FBEAEAD22DED7331CBFDB4687,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725398Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:18.845{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BE58D7763DE322AA7CA2FBA299D9216,SHA256=8E50206586D8A0BF16E63F79CB9D1BFDFFA2704C8E73EB51C52F05008255DD55,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955587Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:18.943{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=230A5A3AF59F5F66B06484143C4CAC09,SHA256=DB8D6B507B655FF237F6939EE01C3F9443C645CA22042C192F7CB5F7F7CE94AA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955586Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:27.057{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2243B39863C97AC2CBEF06634BFFE568,SHA256=F3740FAC8AC6F82BD0C3252A0C0786B41C2A95974A8153C7B8CE9A0139D7A66B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955608Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:28.833{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=052AFD25E45AF8A7AF3AA5EAAADB696F,SHA256=B56DFA6B55FDD01E9C8FB0B090860017BC45BBA32AB400932A1C93CB8E16E35A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955607Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:28.537{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=17B45D7F4E875960A0C60459DFC9D663,SHA256=A834C2C4494A2CC130F7ED4F763E638EC5F9641611E6BCEB3248800AC7D2AC3B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725440Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:28.093{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FCDDC4BDC830E0EDFF34CEF009467B18,SHA256=42C8CEDE3E11220B6FE092573D568EC8B35179201FF8E2D876209EBA26C94439,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955610Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:29.958{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=21C0229E4313289A1CC90DA01817CB79,SHA256=51F078959DCB91C20CEBB197755D15DB31DDCA5349DCD83C1D8BA86973A33037,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955609Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:29.537{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BFF4AC8E4CA041D5E7B99B817EEF8AD5,SHA256=74A7BAC9B9CE53155FC0218405C5E039CD16C2DA54166EDE3CFAC7FC88208329,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725441Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:29.108{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D27CB0646CE48C5C1E33154D5399A16,SHA256=EDC7BCDAEB517289359EA365C4EBF8B929475AD1D87B9C86E0FC63A0A491576B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000030725442Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:30.124{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1105D0312C46CEA77F57C1C55A102C6D,SHA256=34B5ADE66448ED8D769EA5413279A883EAF8F14E3998ED53BD476584E30FE4F9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955611Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:30.552{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD89FF682D6C58DB3C99432ADDCDAC9D,SHA256=2C5C16FCE179AD724DA56EBE57527F3C30EF6F7C90A9082EE473AF6411AF4D93,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955613Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:31.568{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61B3D273E199FBB2C859FF4C7B3C07E6,SHA256=584EF9FFC3CC448D9230AAD6F05E2D074B4C99259D2B66ABCB09F15F2A982BDE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725443Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:31.138{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B14635E144C8739E6D5599B899F6D4EF,SHA256=0749E63395FCA43C274572823AB368F2A2D849938A7E64DE67C9F895DD5E112A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955612Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:31.193{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EF4C2E60C9B4DC5A9EBE59FA2D2A3956,SHA256=5019BC1502DC366DA8206E06FC5074BDB1D27D43281DA59EAC85F6D5647D77BE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047955616Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:28.900{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53784-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047955615Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:32.568{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66A39D9F00B84774B6D307549F4A9C62,SHA256=6FF2971B05A364BC892D8591FAB8138C8ABD826C617AE4199A3E5629CC30FBBB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725445Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:32.155{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E8C3A6D0CB4A4EC6D3A9941BB364F8E,SHA256=798CB09368E77DFB94E6858319FD81789311C661252929CBBD03B2B2CCC3B35C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955614Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:32.490{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DBAAA1C255232E82A0D6EB931D11A426,SHA256=ED5FF59BFFFEDB9DA07BE156B14EAF75D8EF7B21781376DE75CFD8685886B18D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725444Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:37.167{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58863-false10.0.1.12-8000- 23542300x800000000000000047955618Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:33.740{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7157270ABBCC30123AA3C8269ACBB653,SHA256=13833097932F8BEF154DA86DF2CFCDE7756DDBA79B5C821DF3C22C0872B216EA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955617Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:33.583{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F68E0B35142C808E737B0EF75689DBB7,SHA256=FF5A351F1797D9C8B0B326B5468B01D21D2A17AF7714FDFA6B90C995991BEA7A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725446Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:33.158{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=49F95746F1A8AFEDA2A0BD1C8AB175C7,SHA256=9E2A02207C50B46F7330E9457BD94322D1C705B63731924BED89E05B28468FA4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955620Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:34.865{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0663317DDF3BC22264C925BCDB49874C,SHA256=887FEF67788DF4E6855FDA9F3EEC2934971D24CB3675D041171C67DD996F6B6E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955619Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:34.599{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3B72E3DFDFA9412191E06AB9230A3A34,SHA256=032498B4C979C821AF89C7746CCBC03A01D3F5EADCB694A4DAE2A76051783082,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000030725447Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:34.204{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D88B439C03BEA31344D038577F0A4EFC,SHA256=CFD13BDBF9411225476EA63C4595501376F672DA924C7743AC35475020308AC2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955621Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:35.635{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D0A288DF97446B805D3C88301D40C225,SHA256=79CC7D4A5D176D5D44BEC09FB9988F6D8C600CEB6474593480B35E01EE0BF3AE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725448Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:35.219{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BAAB11DCC1B08E96F64C0F5EB6DA5C45,SHA256=3C7C18C9387D0B42DD6DCEE02BF85D511F6F134F0AA314694F41D6C14F4A8F8D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955623Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:36.635{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68E27A2D163AD33382F1AE6EEBEBFA19,SHA256=6DD5A84189C5AB8FC9975836D6F5DCF8154FA7015A0C6387D973F0FF78564AD5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725449Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:36.251{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4EB3815AB825E85D902295D905075707,SHA256=C9B8C935DC2FD82A5CEF30360038A24C2F675ACD5B534C5FC43D1CAFB2CB0F0B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955622Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:36.041{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CDC595E9F75C3BA4FEC2BDDD4A005966,SHA256=C1FC4D3438A904AD2188BAC34411E54B6ABE6F6DAB27C2B1131049538CA8FE9E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047955626Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:33.920{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53785-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047955625Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:37.651{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6CF9B1847261A157E9E325140D36D337,SHA256=AE49A4B9331A009359530122A8656444A2EAA6ED4337D8671579BB2D0CD22FB9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725450Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:37.270{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=492D4D62F6B6445824AFFD7F2210AFBF,SHA256=4C49E21C3E6321505D34C52D55F6AD45BF166FF0F03498116CAB70F81EBCD654,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955624Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:37.073{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=53B3310FD3C34B998ABE20CAC5F92604,SHA256=46C9150F6B14B2C68555E19E4315BA92124FA24D038938556C811DFBEA576A28,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955628Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:38.666{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=45CBF0E7964BE7794CDEC9FC36DB9574,SHA256=29CD5D86B2F5D5A2C3EE680E7E7FC4001DEA41A2AD328AB2A0E5FEBF6F8D4BAE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
354300x800000000000000030725452Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:43.083{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58864-false10.0.1.12-8000- 23542300x800000000000000030725451Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:38.300{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=045D1B331A16F98AD3B82A6D63F51812,SHA256=DAC23A2D12132AD881625FC22B39DCAB45752169DF07F67C5D6E9F0F00D404D6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955627Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:38.151{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2BD329664A01087F728FE5FB780F3DEF,SHA256=1EB1FB9D4B5C6495607F9EB9022517EA2C7D18C366E040291403085C6BFC18B6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955630Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:39.666{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A2CE54EE1E8B82016354F3400B42D757,SHA256=DF0184A52C68D6B59E35FEB4B3B46A87BBD74E2E32BE2F8268A879DB1758DEFC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000030725453Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:39.330{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=80D259E30B612A01834D36B67DA9158E,SHA256=E4E750A2653E0F03ADBCDC8F45E6C1ABA37E8616ACA38708E8239367E1522490,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955629Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:39.416{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A680A1149DC31505996FCDE0438A04FF,SHA256=78CE323646C498B64D1E13AAD7F8DA0A343BA43BF2F4A17F2B7B0ACE785BBD78,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955632Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:40.916{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1FC41F2004BC861AC657E7F2BA1AFAFA,SHA256=F38E22D98CA8DF398157B5DD8D2442983AFDA20F59DC2BA66E13EFFCAADDA645,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955631Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:40.698{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A6AC6209FFAC42C07889873FC23C41C,SHA256=8752C099BFA673D19C75DF027B4871C351C4DCF92B0FC94FC62DF012C921A232,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725454Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:40.346{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50ACB83A8A5EA065CA346608A42E7273,SHA256=39228F3039E0ADFCF5476AE01D2BBF1D4A5DB1581BB0C449AF7245FC0DD0E3C5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955633Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:41.713{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10F0C830B0595A05B1907F80AD62D275,SHA256=0CD5F3ECB7BA8BD92BC3D9604BD621F6DEA31ACBB4CCB4B5FB4527ECB11BACE0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725455Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:41.397{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E71F058F68C1D282F985066B6235891,SHA256=70F42DA1342A1CFF8F2C5FE155E31F48AEB143A4CABF7EF3167E38BC7D5FCF2A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
354300x800000000000000030725457Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:48.140{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58865-false10.0.1.12-8000- 23542300x800000000000000030725456Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:42.427{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EBEC12365CE572A151F3946805557A4D,SHA256=13F417B0378CAE5A36F12CCDCE9D9BB743A08858DF899F2D97DE96AD85105D59,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955635Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:42.729{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1591CAD422C1FE6CD22016446B128AD1,SHA256=CE53F429BA451ECC9E93FD8D2B5FD639F6D063E7B1B72FE68B41BF3CD2ACACA1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955634Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:42.073{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=10719831935BC3329700F68236F00EA6,SHA256=22CF01663FE59BF3D0A65BE9879CA7B96C59DAEDF966CB0D31679AF2DD8898F4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047955699Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.729{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B7A690BC3F2EC02810976A2B2535E33D,SHA256=BB4C10D7C4D578B3681054FA3748A07553510374F4D797ACC3B1060457FBC87B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725458Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:43.444{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3BB3E8DD2D5BB0FDFFDCDC5AA8CB4A7A,SHA256=A566C38C4BEEEB108F783A288583BCB8D5B1D4CC6D8501800441101BDC291817,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047955698Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.666{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000047955697Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.652{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging 
HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000047955696Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.652{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000047955695Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.526{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FE743A564978DD7D45783BC13669D30,SHA256=71548AFF971FAFA444F534A3AF3A6C6D9CB4B839C1C37E0A011C05DCF9E92851,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047955694Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.479{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 
734700x800000000000000047955693Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.479{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000047955692Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.479{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000047955691Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.479{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000047955690Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.463{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 
(rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000047955689Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.463{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000047955688Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.463{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000047955687Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.463{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 
734700x800000000000000047955686Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.463{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sspicli.dll10.0.14393.2580 (rs1_release_inmarket.181009-1745)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsspicli.dllMD5=5061339CE61C0B32DB8F51A95E3B2422,SHA256=60558CA374334D4C6BBAD475921538C14A9FF3422893348A0503C1F33015FD25,IMPHASH=4B1C9487A6420C18F688F0EC5BEB6F33trueMicrosoft WindowsValid 734700x800000000000000047955685Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.463{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000047955684Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.463{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000047955683Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.463{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000047955682Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.463{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000047955681Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000047955680Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft 
CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000047955679Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000047955678Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000047955677Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000047955676Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000047955675Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000047955674Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000047955673Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 
734700x800000000000000047955672Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000047955671Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000047955670Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000047955669Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft 
Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000047955668Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047955667Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000047955666Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000047955665Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode 
interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x800000000000000047955664Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000047955663Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000047955662Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 
734700x800000000000000047955661Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x800000000000000047955660Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000047955659Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000047955658Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 
(rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x800000000000000047955657Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000047955656Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000047955655Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x800000000000000047955654Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-402D-611D-3A00-00000000CA01}36083628C:\Windows\system32\conhost.exe{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047955653Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000047955652Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000047955651Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000047955650Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047955649Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 
10341000x800000000000000047955648Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955647Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955646Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:43.448{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955645Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955644Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:43.448{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955643Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955642Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:43.448{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955641Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955640Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:43.448{3BF36828-4019-611D-0500-00000000CA01}408424C:\Windows\system32\csrss.exe{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000047955639Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.448{3BF36828-402C-611D-3000-00000000CA01}22204860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000047955638Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.435{3BF36828-6413-6125-5AF4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-4019-611D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000047955637Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:43.229{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=240C0E6601317EC9D4AAC612688095AC,SHA256=354A6823FE114B2E8495A615E0D09A29ADA73CECD15C8BE0ABE110A57CC0BC60,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047955636Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:39.108{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53786-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000030725459Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:44.509{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75964C8154E30D4EC20B1B711EB4E2B7,SHA256=AA4B85304EA25FA22A969D209ADDA49C8AEBB422F0E2D176BD3CFAC3C4198D0C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
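The ProcessAccess records (Event ID 10) in this burst carry, in order, SourceProcessGUID, SourceProcessId and SourceThreadId (run together here, e.g. 836 and 2216), SourceImage, TargetProcessGUID, TargetProcessId, TargetImage, GrantedAccess and CallTrace. The three patterns visible are all benign: the svchost.exe that hosts lsm.dll (see the lsm.dll frames in the call trace) opening sysmon64.exe with 0x1400, which is PROCESS_QUERY_INFORMATION | PROCESS_QUERY_LIMITED_INFORMATION; csrss.exe opening the newly started splunk-netmon.exe with 0x1fffff (PROCESS_ALL_ACCESS) through basesrv/CSRSRV, which is ordinary process start-up; and the parent splunkd.exe holding a full-access handle to the child it just created, matching the Event ID 1 record that follows. The question a detection engineer asks of this event type is which non-system source opens lsass.exe, and with which rights. The Python below is an added example, not part of this page or of the attack_range data set: it decodes GrantedAccess masks, allowlists csrss.exe, and flags lsass handles that carry memory or thread rights or PROCESS_ALL_ACCESS. The first three sample records copy values from this page; the two `C:\Temp\dumper.exe` records are constructed and hypothetical.

```python
"""Decode Sysmon Event ID 10 (ProcessAccess) GrantedAccess masks and triage
handle opens against lsass.exe. Added example; the sample records below are
constructed to mirror records on this page (values copied from the
svchost/csrss/splunkd events) plus two hypothetical attacker records."""

# PROCESS_* access rights from winnt.h; PROCESS_ALL_ACCESS is 0x1FFFFF on Vista and later.
PROCESS_RIGHTS = {
    0x000001: "PROCESS_TERMINATE",
    0x000002: "PROCESS_CREATE_THREAD",
    0x000004: "PROCESS_SET_SESSIONID",
    0x000008: "PROCESS_VM_OPERATION",
    0x000010: "PROCESS_VM_READ",
    0x000020: "PROCESS_VM_WRITE",
    0x000040: "PROCESS_DUP_HANDLE",
    0x000080: "PROCESS_CREATE_PROCESS",
    0x000100: "PROCESS_SET_QUOTA",
    0x000200: "PROCESS_SET_INFORMATION",
    0x000400: "PROCESS_QUERY_INFORMATION",
    0x000800: "PROCESS_SUSPEND_RESUME",
    0x001000: "PROCESS_QUERY_LIMITED_INFORMATION",
    0x002000: "PROCESS_SET_LIMITED_INFORMATION",
    0x010000: "DELETE",
    0x020000: "READ_CONTROL",
    0x040000: "WRITE_DAC",
    0x080000: "WRITE_OWNER",
    0x100000: "SYNCHRONIZE",
}
PROCESS_ALL_ACCESS = 0x1FFFFF
# Rights that let the caller read or tamper with another process's memory or threads;
# any of them on an lsass handle is what a credential dumper needs.
MEMORY_RIGHTS = 0x000002 | 0x000008 | 0x000010 | 0x000020 | 0x000040

# Sources that open every newly created process with PROCESS_ALL_ACCESS as part of
# process start-up (the csrss record on this page, call trace through basesrv/CSRSRV).
ALLOWLISTED_SOURCES = {r"c:\windows\system32\csrss.exe"}


def parse_mask(text):
    """Sysmon writes GrantedAccess as 0x-prefixed hex, e.g. '0x1400'."""
    return int(text, 16)


def decode_access(mask):
    """Return the PROCESS_* right names set in a GrantedAccess mask, low bit first."""
    return [name for bit, name in sorted(PROCESS_RIGHTS.items()) if mask & bit]


def is_suspicious_lsass_access(ev):
    """True for an lsass.exe handle from a non-allowlisted source with memory/thread rights."""
    if ev.get("EventID") != 10:
        return False
    if not ev["TargetImage"].lower().endswith(r"\lsass.exe"):
        return False
    if ev["SourceImage"].lower() in ALLOWLISTED_SOURCES:
        return False
    mask = parse_mask(ev["GrantedAccess"])
    return mask == PROCESS_ALL_ACCESS or bool(mask & MEMORY_RIGHTS)


def triage(events):
    """One finding per suspicious lsass handle open, with the granted rights decoded."""
    return [
        {"source": ev["SourceImage"], "pid": ev["SourceProcessId"],
         "rights": decode_access(parse_mask(ev["GrantedAccess"]))}
        for ev in events if is_suspicious_lsass_access(ev)
    ]


SAMPLE_EVENTS = [
    # From this page: the svchost hosting lsm.dll querying sysmon64.exe (query-only rights).
    {"EventID": 10, "SourceProcessId": 836, "SourceImage": r"C:\Windows\system32\svchost.exe",
     "TargetImage": r"C:\Windows\sysmon64.exe", "GrantedAccess": "0x1400"},
    # From this page: csrss opening the newly started splunk-netmon.exe with full access.
    {"EventID": 10, "SourceProcessId": 408, "SourceImage": r"C:\Windows\system32\csrss.exe",
     "TargetImage": r"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe",
     "GrantedAccess": "0x1fffff"},
    # From this page: the parent splunkd.exe holding a full-access handle to its child.
    {"EventID": 10, "SourceProcessId": 2220,
     "SourceImage": r"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe",
     "TargetImage": r"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe",
     "GrantedAccess": "0x1fffff"},
    # Constructed (hypothetical, not on this page): a tool opening lsass with full access.
    {"EventID": 10, "SourceProcessId": 9001, "SourceImage": r"C:\Temp\dumper.exe",
     "TargetImage": r"C:\Windows\system32\lsass.exe", "GrantedAccess": "0x1fffff"},
    # Constructed (hypothetical): the minimal mask a memory reader needs, QUERY_LIMITED | VM_READ.
    {"EventID": 10, "SourceProcessId": 9002, "SourceImage": r"C:\Temp\dumper.exe",
     "TargetImage": r"C:\Windows\system32\lsass.exe", "GrantedAccess": "0x1010"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding["source"], finding["pid"], " | ".join(finding["rights"]))
```

Run as a script it prints only the two constructed dumper.exe records; the page's own 0x1400 and 0x1fffff records pass because their targets are not lsass.exe, and csrss.exe would pass even against lsass.exe because of the allowlist. Keep the allowlist short and path-exact: a source image name alone is spoofable, so a production rule should also check the CallTrace and the source's signature from its Event ID 1 record.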
23542300x800000000000000047955817Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.922{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=194D949D87E2530B5CC16BC61F84FF09,SHA256=810580DA7F0F9BE60BF8B6E7C73F1C1541567EDFF691157AA4129E8A4113C863,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047955816Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.870{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000047955815Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.870{3BF36828-6414-6125-5CF4-00000000CA01}55563836C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047955814Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:44.870{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000047955813Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.870{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000047955812Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.854{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=656DE75E510B4CC8637ADA4ACB40635F,SHA256=AEF3E6336F37ECE1CDC39F2DE65879AD4872EFEF5FBE8047E029E26DE3856BB7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955811Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.791{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0301108445157E6A938DEC6B6F4793F5,SHA256=5AAE59671E92F3AFACE95E6E0BE842BC81D7489027DCDD0C934E30EA7F6F33A1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955810Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.744{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A02221F4FB170E8FCD996C5AD7D3C477,SHA256=30A603144F48666176D4B75C1636951337C6BFD7A68D7691B5D24921994BD33B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047955809Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.698{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000047955808Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.698{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 
734700x800000000000000047955807Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.698{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000047955806Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.698{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000047955805Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.698{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000047955804Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.698{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 
(rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000047955803Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.698{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000047955802Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.698{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000047955801Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft 
CorporationValid 734700x800000000000000047955800Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000047955799Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000047955798Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000047955797Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000047955796Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000047955795Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000047955794Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft 
Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000047955793Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047955792Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000047955791Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000047955790Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000047955789Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000047955788Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000047955787Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program 
Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000047955786Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000047955785Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000047955784Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000047955783Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000047955782Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000047955781Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000047955780Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, 
http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000047955779Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000047955778Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000047955777Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000047955776Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000047955775Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.682{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x800000000000000047955774Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.666{3BF36828-402D-611D-3A00-00000000CA01}36083628C:\Windows\system32\conhost.exe{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047955773Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.666{3BF36828-6414-6125-5CF4-00000000CA01}5556C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
10341000x800000000000000047955711Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.135{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047955710Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.135{3BF36828-6414-6125-5BF4-00000000CA01}5748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000047955709Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:44.135{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955708Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.135{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047955707Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.135{3BF36828-6414-6125-5BF4-00000000CA01}5748C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x800000000000000047955706Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.135{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955705Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:44.135{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955704Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.135{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955703Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:44.135{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955702Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.135{3BF36828-4019-611D-0500-00000000CA01}408424C:\Windows\system32\csrss.exe{3BF36828-6414-6125-5BF4-00000000CA01}5748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000047955701Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.119{3BF36828-402C-611D-3000-00000000CA01}22204860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-6414-6125-5BF4-00000000CA01}5748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000047955700Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.120{3BF36828-6414-6125-5BF4-00000000CA01}5748C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-4019-611D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000047955878Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.838{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AB24785A18EDA6E64869D1C89CC37D85,SHA256=675A0824D860B5BA5345C5DC5944799DCBE831F3E50B474E725A3EF0424E9099,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047955877Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.838{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51B1B5F3A71BA332CF688BB83B41C1EE,SHA256=D93929120604010D7052CE5D37ECFEDD6ADAB9F64A0CC611D37C94EEE929A80D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725460Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:45.524{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F70D30B0A5B9B5A41085D9CEFCEE82D0,SHA256=2FBE18D06786D4C8E60E7AB72D6BBEC6EC343BDA5CBD2EF6A25C034A95C9E1B1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955876Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.666{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5D7B3A8EC35F46307AD6D4392DC930F9,SHA256=F454113DE1EBF7E16FF22219970F8FFB44A69FA863CC1EE62F620AA917A8C8C9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047955875Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.604{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=21BBD3938FB01187D1C34BB4900D5B8C,SHA256=B70D6CDE3E0CE4F72755E8C2D05D176069AE7D34DAF5E1D3EACC00B25A4AA7AA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047955874Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.573{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000047955873Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.573{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000047955872Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.573{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 
23542300x800000000000000047955871Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.541{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B59498734601020BAC82406CF933A446,SHA256=78A848F1649E620BB2511543694F8ECDBDE2FF5C8589924536BD86E64C676AD2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047955870Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.385{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000047955869Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.385{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000047955868Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.385{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 
(rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000047955867Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.385{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000047955866Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.385{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000047955865Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.385{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft 
WindowsValid 734700x800000000000000047955864Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.385{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000047955863Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000047955862Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000047955861Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000047955860Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000047955859Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000047955858Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft 
Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018trueMicrosoft WindowsValid 734700x800000000000000047955857Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000047955856Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000047955855Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 
734700x800000000000000047955854Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000047955853Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000047955852Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000047955851Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft 
CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000047955850Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000047955849Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000047955848Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000047955847Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000047955846Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000047955845Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000047955844Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 
734700x800000000000000047955843Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000047955842Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000047955841Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000047955840Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000047955839Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x800000000000000047955838Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000047955837Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000047955836Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047955835Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000047955834Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-402D-611D-3A00-00000000CA01}36083628C:\Windows\system32\conhost.exe{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047955833Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000047955832Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.369{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000047955831Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.354{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047955830Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.354{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk 
Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x800000000000000047955829Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.354{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955828Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:45.354{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955827Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.354{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955826Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:45.354{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955825Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.354{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955824Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:45.354{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955823Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.354{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955822Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:45.354{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955821Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.354{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955820Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:45.354{3BF36828-4019-611D-0500-00000000CA01}408528C:\Windows\system32\csrss.exe{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000047955819Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.354{3BF36828-402C-611D-3000-00000000CA01}22204860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000047955818Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:45.339{3BF36828-6415-6125-5DF4-00000000CA01}3676C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-4019-611D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030725461Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:46.540{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF9BD8FD56981791F56E5C10CD11175B,SHA256=3056D0296548350274E5C3B147F7A0744F0680AFFD6A4E41BD4900F8EF691A53,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047955990Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.916{3BF36828-6416-6125-5FF4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000047955989Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.916{3BF36828-6416-6125-5FF4-00000000CA01}55763868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047955988Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.916{3BF36828-6416-6125-5FF4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000047955987Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.901{3BF36828-6416-6125-5FF4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000047955986Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.745{3BF36828-6416-6125-5FF4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000047955985Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.745{3BF36828-6416-6125-5FF4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000047955984Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.745{3BF36828-6416-6125-5FF4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000047955983Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.745{3BF36828-6416-6125-5FF4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 
734700x800000000000000047955982Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.745{3BF36828-6416-6125-5FF4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000047955981Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.745{3BF36828-6416-6125-5FF4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000047955980Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.745{3BF36828-6416-6125-5FF4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000047955979Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.745{3BF36828-6416-6125-5FF4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 
(rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000047955978Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.729{3BF36828-6416-6125-5FF4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000047955977Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.729{3BF36828-6416-6125-5FF4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000047955976Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.729{3BF36828-6416-6125-5FF4-00000000CA01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft 
WindowsValid 734700x800000000000000047955908Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.041{3BF36828-6416-6125-5EF4-00000000CA01}1676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x800000000000000047955907Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.041{3BF36828-6416-6125-5EF4-00000000CA01}1676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000047955906Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.041{3BF36828-6416-6125-5EF4-00000000CA01}1676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000047955905Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.041{3BF36828-6416-6125-5EF4-00000000CA01}1676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 
(rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000047955904Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.041{3BF36828-6416-6125-5EF4-00000000CA01}1676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000047955903Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.041{3BF36828-6416-6125-5EF4-00000000CA01}1676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000047955902Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.041{3BF36828-6416-6125-5EF4-00000000CA01}1676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft 
Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000047955901Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.041{3BF36828-6416-6125-5EF4-00000000CA01}1676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000047955900Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.041{3BF36828-6416-6125-5EF4-00000000CA01}1676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000047955899Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.041{3BF36828-6416-6125-5EF4-00000000CA01}1676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000047955898Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:46.041{3BF36828-6416-6125-5EF4-00000000CA01}1676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000047955897Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.041{3BF36828-6416-6125-5EF4-00000000CA01}1676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047955896Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.041{3BF36828-6416-6125-5EF4-00000000CA01}1676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000047955895Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.041{3BF36828-402D-611D-3A00-00000000CA01}36083628C:\Windows\system32\conhost.exe{3BF36828-6416-6125-5EF4-00000000CA01}1676C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047955894Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.041{3BF36828-6416-6125-5EF4-00000000CA01}1676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000047955893Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.041{3BF36828-6416-6125-5EF4-00000000CA01}1676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 10341000x800000000000000047955892Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:46.041{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047955891Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.041{3BF36828-6416-6125-5EF4-00000000CA01}1676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000047955890Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:46.041{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955889Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.041{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047955888Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.041{3BF36828-6416-6125-5EF4-00000000CA01}1676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x800000000000000047955887Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.041{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955886Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:46.026{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955885Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.026{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955884Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:46.026{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955883Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.026{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955882Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:46.026{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047955881Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.026{3BF36828-4019-611D-0500-00000000CA01}408528C:\Windows\system32\csrss.exe{3BF36828-6416-6125-5EF4-00000000CA01}1676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000047955880Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.026{3BF36828-402C-611D-3000-00000000CA01}22204860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-6416-6125-5EF4-00000000CA01}1676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000047955879Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:46.027{3BF36828-6416-6125-5EF4-00000000CA01}1676C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-4019-611D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000047956056Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:47.916{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=454EBAC611CB1EC48B03E2D649010C49,SHA256=35D80D4C4827B1725A95E75AC7E9143218C0F1045CDD5FEAC2E891BC6569A407,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000030725463Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:47.559{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D78C8E253A15F90CF15EB0F117C16B9,SHA256=595E34781C0EC9CADAA995545211D446E2E1D88879B5580A552CBD6F8EB08C57,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956055Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:47.698{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6553A5C69B99D440B6CF8E5625B94706,SHA256=DEBA727D41487F376378A819F77113687E9B16BF4F88DD24238C97E6CD642792,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047956054Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:47.604{3BF36828-6417-6125-60F4-00000000CA01}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000047956053Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:47.604{3BF36828-6417-6125-60F4-00000000CA01}31524840C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047956052Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:47.604{3BF36828-6417-6125-60F4-00000000CA01}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000047956051Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:47.604{3BF36828-6417-6125-60F4-00000000CA01}3152C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000047956050Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:47.604{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
354300x800000000000000047956060Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:44.958{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53787-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047956059Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:49.088{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9FFC2B29C10773F1F5006BF32280656F,SHA256=E095CF4ABD4A201A87EFFBD3017151B788A2092DDBEEC9958C24546C7F8C43EA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956063Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:50.995{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3BA12B06041F17FC53B6FEC70004024D,SHA256=645F54E12272EDBDDDF5555521FC2B1FEA66BA77AB12B2A4A22C51ADE551E621,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725468Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:50.619{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CDC68B1B04EC2005D126AC255632B3E5,SHA256=929B91D4A4571E2C5C4B9E990737FA7D2F472690AD75CECD9095421F48E1D271,IMPHASH=00000000000000000000000000000000falsefalse - 
insufficient disk space 23542300x800000000000000047956062Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:50.229{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3EF06326E9949FB4BFF0D19FA9C25847,SHA256=168DA3570BEC293D617781C4A8F3C34D8A163A6ED4B7512FDE2C0C024C46ED3C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725469Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:51.671{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48DE00A8901A011FFDB0F59F48C2FE99,SHA256=E0D6355B5FB25959BC6059FF9440293C8708E6DA8DB3DD94ED596FC2D912DD49,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956064Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:51.370{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E62B88363824B91E6F4B46C10EDA30B3,SHA256=503486F753ECBAFE0F55A3FC6F3A0B8017FC654FB585AFA78C57A4F05ADD73E5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725470Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:52.717{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6F43BC28C5B243C4220F37D9B8A15CDE,SHA256=8741EFB5D3C17CD03C2FD8396C44CF8375554F14F157FEED170DD1492B9AFD9D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956066Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:52.541{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8AB011ACF4F4CC5782AB487E817E1F52,SHA256=E42197FDDEFDD62F293BD0D2050C980AF98C0DFF731D83CE33EAE1B406BBE5D2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956065Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:52.026{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6877B45DA02FF72A53F75268919FBA48,SHA256=E9E68A4C50E8BC8A507587E93BC4C2FBC4F58E30614932D014E97209330544B7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725471Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:53.734{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=387463478B015778C9475DDC7FE65470,SHA256=01AD6A95F8CAC81478C28B48CCA729B39A2AF6CA365BF2338E578CA4DCEBC75E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047956068Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:53.745{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8FC9248B3A93940BE59852900F93519E,SHA256=747F003E630A0D0562FDD9CD5C5AC2890C6F90ED854918952D08DC39EB984E6A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956067Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:53.057{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04285D87ECEF66F081A2ABF73BD28F27,SHA256=E411B719655C538ABC948DE17CE516F0C7D6296D395B288487CA5B98C62F5368,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725473Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:54.768{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D01DC7B10108CFCB3A2A8874529F3BA,SHA256=FF078C3B7B02C6A78E875BA4EFD9DC108D503C6C2209E2E4C149EE53BD5DB0CE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047956070Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:50.983{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT 
AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53788-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047956069Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:54.073{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A85237411E74AC198EC33C4E1CCE1F37,SHA256=B776111723EAD82297F9244B81358A3AE69690442E0230F085A4CC35E2148C34,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725472Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:00.014{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58867-false10.0.1.12-8000- 23542300x800000000000000030725474Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:55.783{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19CF1DDA8E78EE9003DEF3D4C8CDAF33,SHA256=339A8B12FADFC0331B867857BF103DAF5018711AEAD3C14C13FF62D207A000BA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956072Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:55.276{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5EB7B2BA5F8BDAF9EC39D70CEB8EAF17,SHA256=A91ABF14ECABAE3A75C03BE7FE198E31B2A18B833357A939D51067832E563DAB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956071Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:55.104{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA382785E1156EB06643BE75FA4BFCBB,SHA256=19EA4657439312048042AE28E14F68C9E9E0646AD983BEF56B1E23B71BD7C24A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725475Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:56.798{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=925EAEA8D17F0607BC100DC296F0B15E,SHA256=AC9A20FC57FD958429F89800B67D0E1EE1A5CD3E639FC2B1487AFE323AF8C330,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956074Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:56.389{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BDF338BCF0C3313FA580007849194551,SHA256=B81BF49585B02E884677C5E0C4054465023F111BF52D877264382037E0926FF6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956073Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:26:56.108{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=09EB57828EDC15A746EF7DE7020DFF6C,SHA256=EE5C13C92F06D97853EA3BA837F0DE1D20EC3B6D76CB7987BF78A8A9D5D44B27,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725476Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:57.835{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BBDBDBA4AE9582203E24BEBB9E13CA52,SHA256=6C751ABD8E9E1A4E65777FBB74DEC675F24F8FC2409116AECC28B9805F27CE48,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956076Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:57.514{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1F7B03AE77B3F8219F185BB34DB709E7,SHA256=48F65319CA5F594FA77164D6848684091415974576C614A20657143A33CBA168,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956075Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:57.139{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B300D911E3935FB06EE44C4653BFA3FF,SHA256=953A1C6D719E0A85566E5C9E0D1038A365EEBE553EFB73A10CCCAEC5E337987E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725477Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:58.865{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D3A88B95B0DAF43B23E100AAAC5CF82,SHA256=611355C800E50BFBCE2636C5AF30505AEE47A473F8B0547BBC5120270A8343FA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956078Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:58.639{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2582A6304AB5DCE177DF7ACDBEB07D19,SHA256=00729ED1F6500D5FFEB6BEDB8AC1F084415FE3032E8887FCEAC7195B9E62A688,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956077Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:58.139{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5D96CF516D2875065506918C8E19BA7,SHA256=9799108988EE46F630801DD9C5D14D0B6B6E948BABC408638DF9B19A9233EDC9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000030725478Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:26:59.879{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDBC3B2EAAFD5949D0059C091C868E32,SHA256=BF656F19E82EA4B3883CFE03CFC80DD6D5F6E01B192FA24B0B1DFA3F88A7FCB8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956080Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:59.908{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5189FFF984BCFD89BFEA96148C7DE8EA,SHA256=93435BD383BC447D302A19B8E169FE13CC4867D05A19D3D6F785C57528B2BC48,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956079Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:59.145{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5FE7E9B5D0E9BD212DADB202AF1CB8AC,SHA256=48CF3A669A6C1E84DCCC069708F10807066CFEFF42330D4922D4409D608A70A1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725480Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:00.928{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78746CE16374D6480B25B73CDC401AE1,SHA256=6F9357A79FEB93CB3C2B4DEA53B649AACDBB327AAC41A3F7D0C4C9E0390D0937,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047956082Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:26:56.914{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53789-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047956081Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:00.158{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E72B641219215D02B5EE2C91C711B8A8,SHA256=47DCF0B605FF7D7CC3C7B0FF4BCA5016D5955D928107AAC56AE9C8715076C58A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725479Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:00.163{B81B27B7-4012-611D-1100-00000000C801}968NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=157BED5B5951BA9EB55D1EB2B61FF4AD,SHA256=8566E38311D0A0A21973A897B8BFA91CC79230FA3463D79B52C2B85DD696E133,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725482Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:01.946{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A10BEE0F368319E76A8D8C01926AD347,SHA256=341CD1771F4DC541A36F5A80DD840011721995BED4624E5F7CFB4854DB059F5A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956084Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:01.396{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C287BF62FD2C5440441C11AF633B9062,SHA256=F87264FFA2AF597473CD741BE55A53B3E79AC0CAB497CDA6581C4E3E6A6DBEFA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956083Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:01.162{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1699FE165167C39D9134C9CC31B9200C,SHA256=24B57B47974F45B46F58A69346BA625DDD463826F8D14398E3E61C7E4FD5014A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725481Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:06.025{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58868-false10.0.1.12-8000- 23542300x800000000000000030725483Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:02.976{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EE1E70D96CC8C6D92BE986BCF6F7AE6,SHA256=35A92E6ABF3A23E4086376169EF64D9BF3E336BEF3088C09E984E37C233163AC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956086Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:02.552{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D6C89FE21E425322811E07D2DACA8F5D,SHA256=5C1D1B8CA64F48153FF77522CA62C9EA2AB8606BED2B8987A15B91C061FACF64,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956085Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:02.224{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=694779F0325EDE7F93CE52C18091A0D6,SHA256=D491F64D15C41CCADDF9037BDE5AEA8B8269C2FEEB64C2DAB90DD626B786EC87,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725492Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:03.981{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ADB73F6665715E0D0B61BBBDA6622D21,SHA256=378FD3B9BFD8669F35A00F8CAC3C71F5FFCFA402312E7C1089807AE02451FA77,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047956088Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:03.912{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=21EF0C7E4337B23D2F4C4291A4FD199D,SHA256=8FF0DC52F3F5F73AC63B115B57E7FC7969BC2E3E1B7BF15F45F6755462E7371D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956087Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:03.255{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF2EB299D080434142449B42DDCE9316,SHA256=080DF282249B04588B555E65C3748AB3509728F4CD9E0972C95C434E70D4E716,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000030725491Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:03.866{B81B27B7-4014-611D-3000-00000000C801}31443164C:\Windows\system32\conhost.exe{B81B27B7-6427-6125-7000-01000000C801}5504C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725490Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-4012-611D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030725517Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:13.179{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5C641117C9A88678D8341E3DEA64847,SHA256=1F7D642A8ABC510464A54AAF772AFA871FEBDA66967A21ADB79B124E1CFAC100,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047956110Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:09.431{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53793-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8089- 23542300x800000000000000030725537Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:14.346{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EE7D8909560DE9C2A4DA61009797A2A7,SHA256=78F635D2B15F684220C6EC79A588A29C39D5F0A66FD8DDAC7889A5F2B872B856,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725536Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:14.346{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EEA3FA26FD4EE3C1708E85DF402735B1,SHA256=589A472D3EAA0818201CB512AEB888DB281F0FCE5982029D48A73D4C6D16A3BC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725535Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:14.193{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75C75465838349D3A1E449009BE7E571,SHA256=855999181377D5A4D0D0CE213B7D708A3F8320E9D570DC015224195B1F469EB9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956114Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:14.959{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=768CEADDEC2EF31F21AEF4ABA62C09B4,SHA256=E8181E60CAA3D515F6F738DC147AE9B85D20DC127C276343DC0472351DA41F8B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956113Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:14.459{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E264AF74A292E6FBFE56DF11589C5F4D,SHA256=C47E8DAFBB231A9C0C88C714E24E9B1B6B43D81595EC8480D9A27B3B06FA1896,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000030725534Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:14.178{B81B27B7-6432-6125-7300-01000000C801}53765244C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725533Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:14.028{B81B27B7-4014-611D-3000-00000000C801}31443164C:\Windows\system32\conhost.exe{B81B27B7-6432-6125-7300-01000000C801}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725532Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:14.026{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725531Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:14.026{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725530Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:14.026{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725529Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:14.026{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725528Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:14.026{B81B27B7-4012-611D-0500-00000000C801}420984C:\Windows\system32\csrss.exe{B81B27B7-6432-6125-7300-01000000C801}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030725527Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:14.025{B81B27B7-4013-611D-2700-00000000C801}20763760C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-6432-6125-7300-01000000C801}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030725526Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:14.010{B81B27B7-6432-6125-7300-01000000C801}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-4012-611D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000047956116Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:15.978{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8DB6FC517A4D0EE199171EE653FF945E,SHA256=58975DF4F35369C6522818194ECC2BD2DA20D36EA4C4F456DC71155837BE8461,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956115Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:15.505{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=07C0CB6D24811B5E254F0B4459A8B10A,SHA256=A5EDE498DB8353964FC3D37CA6617B2E0486B59D2B4144AEE3BC58569E646E9C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725538Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:15.227{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B1A8F5A1C65ADA8EC21D80C95FF48604,SHA256=BAE0A3960A77C757E703CA3EF75776A837ED1599DB20C9D057211D3ADF9F1055,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956118Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:16.540{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1B291475D0B192034B12E90FE3D59A3,SHA256=D3E990645180B1ADFDA23C34F41F14934A663434E86B1C82DE6012E8875DED35,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725539Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:16.276{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE0A3571261A7D03CE3CC20D7993E0CE,SHA256=B1B274AFF9A1BA0AFA519C1C9A7AD20374FD9D868374EA8537E94E141878C3C4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047956117Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:12.962{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53794-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047956120Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:17.571{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7200D91CC0F4290E73B9896C39D30F1C,SHA256=F0337A129D8D377B3FA979A45F827C0F8988AAC3A3A050A79E8C1BE742547A61,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000030725569Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725568Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725567Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725566Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725565Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725564Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725563Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725562Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725561Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725560Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725559Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725558Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725557Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725556Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725555Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725554Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725553Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725552Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4134-611D-AC00-00000000C801}4856C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725551Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4133-611D-AB00-00000000C801}4564C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725550Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4134-611D-AC00-00000000C801}4856C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725549Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4134-611D-AC00-00000000C801}4856C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725548Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4134-611D-AC00-00000000C801}4856C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725547Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4134-611D-AC00-00000000C801}4856C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725546Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4134-611D-AC00-00000000C801}4856C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725545Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-4134-611D-AC00-00000000C801}4856C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725544Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-AA34-611E-C92D-00000000C801}2908C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725543Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-AA34-611E-C92D-00000000C801}2908C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725542Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:17.806{B81B27B7-4012-611D-0D00-00000000C801}792812C:\Windows\system32\svchost.exe{B81B27B7-AA34-611E-C92D-00000000C801}2908C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000030725541Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:17.324{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77EBDE5B1612B00A2ECE9326F3087637,SHA256=47C2B00BDE3A61DCB18DABCFB771B54D1DE22366EB9E9897F5ACBFF90B4ACB4F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956119Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:17.259{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=34519D8D028A9E2A734CFD45DAA467D8,SHA256=160D0B03D0A1D8E5BF364B8D6CE541639D44291ED21DADB3C195925B7D3050F1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725540Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:22.090{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58871-false10.0.1.12-8000- 23542300x800000000000000030725570Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:18.574{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D4972A75CEDA1FFCDDB8500DBE6A104,SHA256=3F37E97F9999CB636C6A3CB5F6D727903BA66AF3506F9E7A78CAFEE12B924F9D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956122Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:18.743{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4514ABAB8275AE8A674EDD1D675F4299,SHA256=7DA01911BA671B8C0DEBE932A8EE95CC83DA8B52D8EA306C5354ED9F32F8D2B5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956121Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:18.603{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B75E857F8A762260FD9EDF6E1D3B485E,SHA256=E6DCEBD23948B90F31959A1454F93B6E93D039A54DE61A86791AACA972C266B2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725572Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:19.788{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82E1CEE1700067F1D5A466271F3F2637,SHA256=9E692183CA9105E7949F818270387B812D74217D749A82F430F63757D2F59A2C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956124Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:19.931{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=12CD032B0A7B196D345D04658FC9657D,SHA256=91A243156FB83448B9227E7E7D6CDF54ED817AF1F6502857E4A6C89488D7AA2A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956123Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:27:19.665{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8CA3CDB97ADA06147DC31B43B115734,SHA256=4EDA3A6DA2152D7D3F80C933B6F2264871AECA18C540A45E6FA9D0EB34A6B950,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725571Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:19.242{B81B27B7-4013-611D-2700-00000000C801}2076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9D45E1BDB6F237A6CF51FFC6A12E6130,SHA256=87EEE278CDF62B2B86AF9CB87BDB04BAFB10272CEA175D83979B0C43158C5AB9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000030725591Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:20.941{B81B27B7-6438-6125-7500-01000000C801}19884372C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000030725590Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:20.840{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1564DC4DCF3999F47DFEEE8EE673023B,SHA256=B7FE25B8CFC8F7BE193DF7B5B3A8F433DF9DEA2491EF6E30477415F8DB15370D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956126Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:20.681{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1160B1DEE5DADE2A046179F94A65E072,SHA256=EF21A8B773B10696C03FED0F184A91019B89A25EA9A912FD705E5DFA9CB42D68,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000030725589Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:20.703{B81B27B7-4014-611D-3000-00000000C801}31443164C:\Windows\system32\conhost.exe{B81B27B7-6438-6125-7500-01000000C801}1988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725588Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:20.687{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725587Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:20.687{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725586Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:20.687{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725585Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:20.687{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725584Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:20.687{B81B27B7-4012-611D-0500-00000000C801}420436C:\Windows\system32\csrss.exe{B81B27B7-6438-6125-7500-01000000C801}1988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030725583Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:20.671{B81B27B7-4013-611D-2700-00000000C801}20763760C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-6438-6125-7500-01000000C801}1988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030725582Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:20.672{B81B27B7-6438-6125-7500-01000000C801}1988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" 
--ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-4012-611D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000030725581Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:20.224{B81B27B7-6437-6125-7400-01000000C801}63246848C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725580Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:20.004{B81B27B7-4014-611D-3000-00000000C801}31443164C:\Windows\system32\conhost.exe{B81B27B7-6437-6125-7400-01000000C801}6324C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725579Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:20.004{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725578Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:20.004{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725577Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:20.004{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725576Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:20.004{B81B27B7-4012-611D-0500-00000000C801}420984C:\Windows\system32\csrss.exe{B81B27B7-6437-6125-7400-01000000C801}6324C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030725575Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:20.004{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725574Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:20.004{B81B27B7-4013-611D-2700-00000000C801}20763760C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-6437-6125-7400-01000000C801}6324C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030725573Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:19.989{B81B27B7-6437-6125-7400-01000000C801}6324C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-4012-611D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000047956125Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:20.431{3BF36828-401B-611D-1200-00000000CA01}760NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=E3B18AC70FB7957DF15D4109B915E9ED,SHA256=13735823B73A80A74FAF07320D3F71E841C52223B0F250BC7544AD192C91B957,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725595Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:21.850{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=883DEC277F5C08C0FE3E8BB9368908A5,SHA256=D75F8F22B4D46B312C206FAE9B195F4D5D225F96426A60897F5B0E117606835F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047956128Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:21.681{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20489D30EAA535A95D068A56B0AB2E29,SHA256=B407A71C56E2563DE4A4C197C6817AEE2306CD3B99F52C1A1292882EC66A4960,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725594Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:26.149{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58872-false10.0.1.12-8089- 23542300x800000000000000030725593Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:21.001{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3E9496FF25B23304E3F2471887FE8EE2,SHA256=AD7F738837FD0DDF06B92C3911BBD537DC381B70CF9D53E538F35A434C3D4ECB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725592Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:21.001{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EE7D8909560DE9C2A4DA61009797A2A7,SHA256=78F635D2B15F684220C6EC79A588A29C39D5F0A66FD8DDAC7889A5F2B872B856,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047956127Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:21.024{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EEDDF90D928A432EFA9169A6BB6D0E58,SHA256=CF979536C93D3D86FF825A47E4601EBD06F2029E9E4EA33E1FED2E190ECFCB9D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725597Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:22.868{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1DCF64B1DB242FE649357BFF392F492,SHA256=251D9AF16573EFAB031DFDFCEA044B7D325DC25161B1D6364BFCBE0C8AB0D33B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956131Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:22.696{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=341CD66D4BB61B87851E23941DEBF866,SHA256=B1520F2965B7A855624473A7352128F53A08EE4230451F33487AA885867554E5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725596Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:27.170{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58873-false10.0.1.12-8000- 
354300x800000000000000047956130Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:18.059{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53795-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047956129Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:22.181{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EBFCFE75FB395C8579EEA5787B86AE98,SHA256=E9501B2CDC7CAC5A05917B01B64F9094F8E449A265B201EA26A0D0733E6DDE2A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725606Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:23.883{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=347E6BFB3DB43339F23F5256E9B7DAD7,SHA256=2E68DF47DFD09E7D0F0F92ACEFDCBE733EBCB44EE67C0BB0D4F2B1EFE0E55ABA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956133Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:23.712{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9AF2D299B387AA8E1BEE383F242FE58,SHA256=70EB9D8143D381A5242CB5B5534885E58C67BE90D1B036DC240C5573CC73CA59,IMPHASH=00000000000000000000000000000000falsefalse - 
insufficient disk space 10341000x800000000000000030725605Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:23.099{B81B27B7-4014-611D-3000-00000000C801}31443164C:\Windows\system32\conhost.exe{B81B27B7-643B-6125-7600-01000000C801}1288C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725604Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:23.099{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725603Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:23.099{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725602Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:23.099{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725601Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:23.099{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725600Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:23.099{B81B27B7-4012-611D-0500-00000000C801}420436C:\Windows\system32\csrss.exe{B81B27B7-643B-6125-7600-01000000C801}1288C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030725599Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:23.099{B81B27B7-4013-611D-2700-00000000C801}20763760C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-643B-6125-7600-01000000C801}1288C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030725598Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:23.084{B81B27B7-643B-6125-7600-01000000C801}1288C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-4012-611D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000047956132Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:23.431{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B88316954062C17B892940EA8F051311,SHA256=2C11F3D879DE87D88EF290E0C2D177E88D741C7346A3A833245C73B36D847CF2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047956135Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:24.899{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=12C59F2123114E93FEB33CD65819C691,SHA256=1AFF9527F525FAAB8B38404F50ABB0E5E9109F2328B2B2924A6025CCCF39B764,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956134Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:24.728{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BFE38628F81A68572B891BB3F3CF1F30,SHA256=B04103DFDEFE913E52B5709AA1DDF5A1AAC772F44FD273C694B097CD62F4B9CB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725608Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:24.913{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A21FDDC81F3E64199B8C50342C6EAC9,SHA256=5694D25E159E24F6908AB87C8166F73EBC236196A433BEF56C87E9F6CB3D292D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725607Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:24.098{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3E9496FF25B23304E3F2471887FE8EE2,SHA256=AD7F738837FD0DDF06B92C3911BBD537DC381B70CF9D53E538F35A434C3D4ECB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956136Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:25.790{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD57796436B7E00CFBD2039DA8C20968,SHA256=2E8893A36B55C4120178BAFA0543BC432ED7EA61421D5CE7DF11723CC618A3DF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725610Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:25.928{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30BF9952490F0E701640692F109A5A74,SHA256=E48552C9022DDBE89CD21850DF0BB337B2D9232CA936A6A6D44B46C49BAD8671,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725609Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:25.748{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DD0F43059DE1FC6D97AE5EE0C44D4E9E,SHA256=68606CE73BE446A633FFFADCF53E60CEB29D227066C69B3CC0E1CE21EB826324,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956138Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:27:26.821{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13675ADA39C42743856894471B3F0CDE,SHA256=469C337F9B787D37F06A083E0128D662C4097802675E0FABF7A02E987F09369E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956137Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:26.024{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7ABCE441CD6E3FECCDA0765CDF862C48,SHA256=2DFC41F16EC7CC6D42F0C0626997547A1AE9F7126A43CB95BEED2EB2A543F733,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956141Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:27.853{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC58869D6607C1E7144C2E15F658F47D,SHA256=63B87EC014E3B81CD95E8DBAF1A5307CF98D49AAD8814F6E557057C62E8D974B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725612Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:32.173{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58874-false10.0.1.12-8000- 23542300x800000000000000030725611Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:27.011{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E075F36DC71B6F874E10C71D99448D9A,SHA256=1FFD6C39653C842D52FB6D5B6B96D13F28B603B44E0BD6DC826E32638E380609,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047956140Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:23.903{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53796-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047956139Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:27.290{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8FB4A5D53730BB3D18036D1866B206D7,SHA256=BA2B534B96E7C195AA0A943F33CB57F0ED2DB0358F8A93F69E6B7CD91B89195A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956143Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:28.884{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7C4EF50D82618B52894C183FD8E62EC,SHA256=F1CAAB38377BF444E0BA8A02E47AF5ED75AAED0E3E51BDE3971D511486006037,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000030725613Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:28.025{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E69F2016276490C68EEF1A932FFB5C0C,SHA256=F1DE4CC19B77DBD0A2716194E1A75EB4B275F94586559308B0754BA62DCFD11C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956142Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:28.337{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=605D80AB2860238903B724489F4FD779,SHA256=A42A508D3161686E40CEDC92A3595706AE9EB068B4FB576914BA2CD8FE3A0A28,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956145Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:29.884{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8EBD0C4229B26A506D14DCFEB51B9C6,SHA256=0CC7AB228294B15F27FDD7AF24F0403303BB1961FF2E1BFC34736A617339E2F5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725614Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:29.046{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B44CCE3F1397B97D071BA17E6308025,SHA256=25334549D7C73DE496D26CF1F1A8D8997CCB922A782C9DAE29EC6F3DD383E922,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956144Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:29.571{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D9F056AA283B5137729C385245A55CF8,SHA256=90C70B76E87A137CE5D424B25E49AAC0A427DF53926B4FF48ECD34655347337E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956146Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:30.915{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46C9D9A49C49A5AD57815A2EFC449B6E,SHA256=811503F48B9BFF9035C5B0E7F526023A7D823E358248CF026E3368792E22D9C5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725615Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:30.108{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41BC79D2EE8299DAB1330895482AB4A1,SHA256=617406E23A6A86E3D0A9A0E43EAC43EC927B7B98B4EE981A72A03CA84406CCBC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047956148Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:31.915{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3BB8C6B8D7966CC403C4E95973D17C9F,SHA256=CE0C1362BBC9F88F82E124E81289C480720F7071A3CCB922CEEC456D3E1F33B3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725617Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:37.190{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58875-false10.0.1.12-8000- 23542300x800000000000000030725616Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:31.140{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6DEA3A1B7FE8DE7B79A7DFC86C44BC07,SHA256=B0333AB611BE9EEE56F3FCDEEF764FCC01A1B084D17CECD1736CB5979E5871CE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956147Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:31.087{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9A13D591F76851195B7F64EC7435B2DC,SHA256=D1670B3FD4D75D3FEE37C48A6611A4DA9EE20C78546CDCD10D4AA4CC55B566CB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047956151Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:32.915{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D76FAB97A44B0071A0CD6FBC41DB3F57,SHA256=2F5D00DA1DB91E9E4294131C99A5902B130198D8C57F019766796B728D8B4B61,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725618Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:32.175{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=997846DD768523F44C4A9F0CCAED25C0,SHA256=AC338B4ACAE0951A76C24E551AF68D3B08254328110F891B499E84C7161901BB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047956150Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:28.981{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53797-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047956149Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:32.181{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7F3D89CB3C332BA2B215629DEF63E029,SHA256=94CED8DD7C112EF7C5657B68B9BC3C5ADBF2BBD591D44B602DB64E7CA2EF517B,IMPHASH=00000000000000000000000000000000falsefalse - 
insufficient disk space 23542300x800000000000000047956153Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:33.931{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0667A436822ABAC8B5F585EDAF2F31FA,SHA256=857CAB684FF50BE299E5AE7F50C105A7F603799752900E79BB0D4859A225E355,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725619Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:33.205{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=87EE7442DF7C44DE52071399A9F604F5,SHA256=2A7ABEC2FE521A44A818B2CEE93BE946855BFC0BB1159767B7FFB06E0DE8BC80,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956152Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:33.337{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A42A291C7ABC45E3E4EE3C16905FD1F1,SHA256=105BA8AE9B5237CFB477DE8F0821CBE3F708E10728D7E2915E2C437EE1B90D47,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956155Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:34.931{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=87F943DA9B6A6E5D616224CE791C8A80,SHA256=A4C0E7489FCFFB1B2D91AC6A79D66838ADA2EF154C8862B1058D1A60C81542BE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725620Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:34.238{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=775B128D1D05256D3329A1F67B64AE12,SHA256=14473407839BB3EA019978800BFDC3FDDC0F1B3B5A6AE85F9140295394308FEA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956154Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:34.618{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3EDE57345D8BD0BD95769E8842D62AFF,SHA256=63FCA138B015F1DFD5EEAC4BB4D2E1A40D4C88C14BB63761AD05F003A79A399A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956156Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:35.946{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A256A75ED8F885BDA19AA614C2658503,SHA256=0A618372DDE33622E693A48CB4E19591ABCF3C5DA2E74A6017ECA0AB449C6E56,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000030725621Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:35.257{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC9610167012A589F718CD0A94FA300F,SHA256=43950637F8EE781FFAA96C869FBA541751FBD7E288F892C931D7716E337483CC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956158Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:36.946{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1991A896C32D3734ACD901EFCA17DBAF,SHA256=0CE7424167EE49C77555239DED7B6377B846A398F0F0B6F0D0E448C72D0655B4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725622Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:36.287{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7CC1424FF4896B7AB8C565FF37094BC0,SHA256=932F4592342EB3FA5B6677E5EC0A63F060CB6DB772D20DA181D453C2646113A7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956157Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:36.227{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AF7485A35FACA2DF8E95A886EB401119,SHA256=90ADEEC90C9A370E0F44F3598FDFEC9168227605663D5223A206861CDAD5E6C7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956161Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:37.961{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F832F9C989EB1F22AFF4B43503E771F,SHA256=F59DB93497CE8810496386C8C9D5B0FD7FAC83336BCDE7ED07F9FEA5C51A3807,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725623Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:37.318{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=55D038E3026177A7F2CF994404AC3B96,SHA256=81AEEF5BA81975D8F8100C3D56119042AE367EB23276068AB075087C7D9CB0EC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047956160Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:34.074{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53798-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047956159Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:37.274{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AFD2D4298455F1191454A75BA2D19927,SHA256=2141F318E99498FBD32577B8200614A6A1291252EC382DEC5D362D9851718233,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956163Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:38.977{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A7B664A2531EE0FBCEA7F64167073E4,SHA256=B1334E5B3F804D3C2EC18584CE9536D2DB8FFFCFBE9E11237E77F5DD07199506,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725625Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:43.000{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58876-false10.0.1.12-8000- 23542300x800000000000000030725624Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:38.335{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FAFAD2A6AAE0CE8E277BBA69C4FFB997,SHA256=B93D1AA747A9FCC8C24D24BA552FB2BC96191B3A8087FC4462F680F6D9567D0B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956162Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:38.633{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9D5F2B625E265DA3AD0E93EF07265BC2,SHA256=CF78ABB7C2ED40E81D19D399B2E01E4D48E136E5152729CBF406565AB78ADC88,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956165Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:39.977{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B7FDF52B9A4C87F20EDF1BC7AC8C5A7A,SHA256=04B479E66FFB1917FE1B41A446DAA3A4106EFA6BBB1A8FE78972EA370AAD86B4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725626Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:39.353{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC00D2CA09707D23FA3EBFFB1D5540A8,SHA256=95827274172BC8B9ECCD369936910D034397A5B759CA2562D76B78865D33FB4A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956164Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:39.696{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=49548871A6FD0F820C19FDEEEC76C15B,SHA256=18BD5DD8BE55A39791B83EC7A1331FAB1F6333506DFAEE4C8FA44F1AB6A653BB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047956166Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:40.992{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5457F12521B3BEC3897A63F293D5A65,SHA256=6BC3FD592B09C3D911D1699DCE1644B708DF895B1F39BDCDFEF0A81AB4E44899,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725627Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:40.415{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20CC62FB811558E5DC9BC1FBB15BBCFB,SHA256=D3DC033DBF8648F5C0C1427AC0F0655443E89810FC81CA3F183199F0C572A7DA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725628Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:41.432{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=69DFC54308A9E30424AAB195F13D990C,SHA256=C6ABD38AEED6739D50FC803898F3A377F05DC9EC1C3EECFECA260B4F86C7116E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956167Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:41.180{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=633B3530C4A4B10EBEBE2C5795B9073D,SHA256=5D9863E0FB33AF16D308919722BE28831B7BBD44CF672BA4ADD9BC33747CC522,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725629Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:42.450{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ECF5EFD6373A076C314858AC698D60FB,SHA256=23291BE39095523FD83A4DCDC6D239CB865667AFADAC3394E12E2F84EB0A9E3F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956169Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:42.289{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5C31308CB9DB43236807F34C2EA8DEF5,SHA256=E62F36EAEF2D7C48CC69B23C3BCE7918E0791729BF56F0FE1E1FABDFABB3E8FF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047956168Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:42.008{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA2FD35163EC368F4DE041B1E6AAB3B0,SHA256=19C73B2C6A44910E57763139BC5E1849A8ABBDBBD70B5D6CB75DF8D812BAC9DC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725631Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:27:48.143{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58877-false10.0.1.12-8000- 23542300x800000000000000030725630Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:27:43.496{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=37AD2A06BE376A52B796D792670DA440,SHA256=62E2A75ACADB30241B871DDC149884E3CB2EBFF6A3B9E680EF70A69BA7F271B4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047956232Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:39.887{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53799-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 10341000x800000000000000047956231Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.664{3BF36828-644F-6125-61F4-00000000CA01}844184C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047956230Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.664{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000047956229Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.664{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000047956228Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.664{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F2250DD6AF9761709D6010A101E0DE8A,SHA256=7B235FD8E49F8C335828577FC15E672F0F0C72BC9D5758BC89E2878E05E3304F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047956227Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.477{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000047956226Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.477{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000047956225Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.477{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000047956224Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.477{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000047956223Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.477{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000047956222Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.477{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000047956221Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.477{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 
734700x800000000000000047956220Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.477{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000047956219Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.477{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000047956218Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.461{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000047956217Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.461{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C 
DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000047956216Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.461{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000047956215Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.461{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000047956214Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.461{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000047956213Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:27:43.461{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000047956212Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.461{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000047956211Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.461{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000047956210Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.461{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 
734700x800000000000000047956209Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.461{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000047956208Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.461{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000047956207Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.461{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000047956206Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.461{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000047956205Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.461{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000047956204Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.461{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x800000000000000047956203Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.461{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 
734700x800000000000000047956202Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.461{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000047956201Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.461{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000047956200Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.461{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000047956199Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:43.461{3BF36828-644F-6125-61F4-00000000CA01}844C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047956322Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.664{3BF36828-6450-6125-63F4-00000000CA01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000047956321Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.664{3BF36828-6450-6125-63F4-00000000CA01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000047956320Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.664{3BF36828-6450-6125-63F4-00000000CA01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 
734700x800000000000000047956319Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.664{3BF36828-6450-6125-63F4-00000000CA01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000047956318Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.664{3BF36828-6450-6125-63F4-00000000CA01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000047956317Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.664{3BF36828-6450-6125-63F4-00000000CA01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x800000000000000047956316Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.664{3BF36828-6450-6125-63F4-00000000CA01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000047956315Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.664{3BF36828-6450-6125-63F4-00000000CA01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000047956314Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.664{3BF36828-6450-6125-63F4-00000000CA01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x800000000000000047956313Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.664{3BF36828-6450-6125-63F4-00000000CA01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x800000000000000047956312Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:27:44.664{3BF36828-6450-6125-63F4-00000000CA01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000047956311Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.664{3BF36828-6450-6125-63F4-00000000CA01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x800000000000000047956310Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.664{3BF36828-6450-6125-63F4-00000000CA01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000047956309Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.664{3BF36828-6450-6125-63F4-00000000CA01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft 
Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000047956308Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.664{3BF36828-6450-6125-63F4-00000000CA01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x800000000000000047956307Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.664{3BF36828-402D-611D-3A00-00000000CA01}36083628C:\Windows\system32\conhost.exe{3BF36828-6450-6125-63F4-00000000CA01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047956306Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.664{3BF36828-6450-6125-63F4-00000000CA01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000047956305Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:27:44.664{3BF36828-6450-6125-63F4-00000000CA01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 10341000x800000000000000047956304Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.664{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047956303Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:27:44.664{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047956302Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.664{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047956301Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:27:44.664{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047956300Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.664{3BF36828-6450-6125-63F4-00000000CA01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000047956299Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:27:44.664{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047956298Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.664{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047956297Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:27:44.664{3BF36828-6450-6125-63F4-00000000CA01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 10341000x800000000000000047956296Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.664{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047956295Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:27:44.664{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047956294Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.664{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047956293Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:27:44.664{3BF36828-4019-611D-0500-00000000CA01}408356C:\Windows\system32\csrss.exe{3BF36828-6450-6125-63F4-00000000CA01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000047956292Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.664{3BF36828-402C-611D-3000-00000000CA01}22204860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-6450-6125-63F4-00000000CA01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000047956291Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.653{3BF36828-6450-6125-63F4-00000000CA01}5648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-4019-611D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000047956290Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.649{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0C911929B0C0E5AC7E6F814F293CDB2A,SHA256=972B4C9CCB897E4D9E6F422C5345445232765FEC16C798D288D4CB36A885EE30,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047956289Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.211{3BF36828-6450-6125-62F4-00000000CA01}5340C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000047956288Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.211{3BF36828-6450-6125-62F4-00000000CA01}5340C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating 
SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000047956287Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.211{3BF36828-6450-6125-62F4-00000000CA01}5340C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000047956286Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.071{3BF36828-6450-6125-62F4-00000000CA01}5340C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000047956285Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:44.071{3BF36828-6450-6125-62F4-00000000CA01}5340C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000047956404Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000047956403Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000047956402Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000047956401Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000047956400Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000047956399Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 
734700x800000000000000047956398Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000047956397Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000047956396Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000047956395Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000047956394Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047956393Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000047956392Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000047956391Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000047956390Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000047956389Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000047956388Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000047956387Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000047956386Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000047956385Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, 
http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000047956384Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000047956383Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000047956382Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000047956381Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 
(rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000047956380Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000047956379Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000047956378Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft 
WindowsValid 734700x800000000000000047956377Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000047956376Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000047956375Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000047956374Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft 
Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x800000000000000047956373Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-402D-611D-3A00-00000000CA01}36083628C:\Windows\system32\conhost.exe{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047956372Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000047956371Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000047956370Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000047956369Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047956368Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-6451-6125-64F4-00000000CA01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x800000000000000047956367Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:27:45.352{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047956366Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047956365Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:27:45.352{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047956364Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:45.352{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047956363Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:27:46.727{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047956478Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.727{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047956477Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:27:46.727{3BF36828-4019-611D-0500-00000000CA01}408356C:\Windows\system32\csrss.exe{3BF36828-6452-6125-66F4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000047956476Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.727{3BF36828-402C-611D-3000-00000000CA01}22204860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-6452-6125-66F4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000047956475Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.712{3BF36828-6452-6125-66F4-00000000CA01}4152C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT 
AUTHORITY\SYSTEM{3BF36828-4019-611D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 734700x800000000000000047956474Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.196{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000047956473Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.196{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000047956472Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.196{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating 
SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000047956471Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.055{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000047956470Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.055{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000047956469Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.055{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 
734700x800000000000000047956468Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.055{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000047956467Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.055{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000047956466Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.055{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000047956465Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 
(rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000047956464Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000047956463Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000047956462Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft 
Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000047956461Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\winspool.drv10.0.14393.4169 (rs1_release.210107-1130)Windows Spooler DriverMicrosoft® Windows® Operating SystemMicrosoft Corporationwinspool.drvMD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018trueMicrosoft WindowsValid 734700x800000000000000047956460Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000047956459Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000047956458Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000047956457Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000047956456Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000047956455Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program 
Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000047956454Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000047956453Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000047956452Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000047956451Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000047956450Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000047956449Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000047956448Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 
734700x800000000000000047956447Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000047956446Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000047956445Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000047956444Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000047956443Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000047956442Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000047956441Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 
734700x800000000000000047956440Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x800000000000000047956439Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 23542300x800000000000000047956438Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A3E0A89AB3FA02A380CFF6A28FBF015,SHA256=387C1A8A2EFB4ECCDD329A647D05204A0D4219C1194C5DFA232C92765A311BAF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047956437Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:46.039{3BF36828-6452-6125-65F4-00000000CA01}3764C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000047956549Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:47.414{3BF36828-6453-6125-67F4-00000000CA01}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 10341000x800000000000000047956548Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:47.414{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 
734700x800000000000000047956547Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:27:47.414{3BF36828-6453-6125-67F4-00000000CA01}4220C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating Sy