23542300x800000000000000030724922Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:20.953{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=536D3C666578588B834D93C6490CFDAC,SHA256=B389214A2642DF186648365FEF30A21233F71548EA09DB6F498F2770D9E93AC5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000030724921Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:20.953{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=64702D3A31F5EDF6CBDDA2103D97C463,SHA256=1045B696F122A5698F835D0B8C993E376B84836831830ED45F5B879C1970BFF3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000030724920Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:20.875{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57AA752E1B41533A90B11A6AB91CCEEF,SHA256=4F039A4B5C4200E247FC120475FB2CB1B0E49138C05E5D44C912319EBFB4CC85,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
354300x800000000000000047953931Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:16.260{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local53739-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local389ldap
354300x800000000000000047953930Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:16.260{3BF36828-402C-611D-3500-00000000CA01}1532C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local53739-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local389ldap
354300x800000000000000047953929Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:16.251{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local53738-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local389ldap
354300x800000000000000047953928Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:16.251{3BF36828-402C-611D-3500-00000000CA01}1532C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local53738-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local389ldap
23542300x800000000000000047953927Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:20.398{3BF36828-401B-611D-1200-00000000CA01}760NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=EDC60814ECEF6FD17EE8FC318B9613A6,SHA256=9B0EE3C88056ECE298A0017CE7A57A4DB7F80165EB5850FF347AB0F8B4C31296,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047953926Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:20.023{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33101D405248A55BB99247E9D9BA0463,SHA256=BFC386539045B15664F2122AF7385BA4CC7209E973ACB7AEF58F8C6FB1DA491D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
10341000x800000000000000030724919Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:20.790{B81B27B7-6348-6125-5600-01000000C801}3565032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000030724918Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:20.653{B81B27B7-4014-611D-3000-00000000C801}31443164C:\Windows\system32\conhost.exe{B81B27B7-6348-6125-5600-01000000C801}356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000030724917Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:20.653{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000030724916Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:20.653{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000030724915Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:20.653{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000030724914Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:20.653{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000030724913Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:20.638{B81B27B7-4012-611D-0500-00000000C801}420536C:\Windows\system32\csrss.exe{B81B27B7-6348-6125-5600-01000000C801}356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000030724912Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:20.638{B81B27B7-4013-611D-2700-00000000C801}20763760C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-6348-6125-5600-01000000C801}356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000030724911Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:20.638{B81B27B7-6348-6125-5600-01000000C801}356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-4012-611D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
10341000x800000000000000030724910Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:20.154{B81B27B7-6347-6125-5500-01000000C801}55046740C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000030724924Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:21.890{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=491C15833D453E1D231D0E4622C9003E,SHA256=21A6184CDF0C4A426EE6A603BDD23D6EFCEEAA27D4A1812F6886F5F0768F2989,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047953933Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:21.258{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B8DBE7500D12A6EC81697CB898C6D844,SHA256=4A89D879D4DDB9CDEAEE96C235FE9B408F904946E50B6399C4498C5115AA0C44,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047953932Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:21.258{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E33985C25F8BAD141BB46D638DF693E4,SHA256=2958433E29A8D73207D0987EFB58C1FCE40722895C1847F4A74545E8C29C3B16,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
354300x800000000000000030724923Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:26.065{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58825-false10.0.1.12-8089-
23542300x800000000000000030724926Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:22.920{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=682F3B241AB843E4128534A955C4C434,SHA256=1224D4813DBD35AB422855B244A439A1F61E76093D5D3652056D372EA6707F6D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
354300x800000000000000047953936Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:18.935{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53740-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000-
23542300x800000000000000047953935Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:22.398{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D58275601F9038502830E5472755DE44,SHA256=E204EA58A83E1DD5DB66ABB01FD644BAD8EE64A3104881763863144D8C42FCA3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047953934Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:22.398{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=23735FBF0D875D56C56657C755AFF9FE,SHA256=9B0703863AB971E4377A8AC1B5E4CADFB64C513B4B6B0F4B804C43B3017A1581,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
354300x800000000000000030724925Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:27.063{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58826-false10.0.1.12-8000-
23542300x800000000000000030724935Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:23.936{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BECD699BEDB466FB26CA2E413496D268,SHA256=B65103D9264E31EDA678F444CB11005B48455ADAA0B54ABC8A6B07D00759DD2C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047953938Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:23.554{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2B6DB4CC467AD615725F9333771C498,SHA256=5727B7C8899B86A486E0BD60806BCEE38E4CDCE5F2B8BB8E762C341326DA4026,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
10341000x800000000000000030724934Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:23.105{B81B27B7-4014-611D-3000-00000000C801}31443164C:\Windows\system32\conhost.exe{B81B27B7-634B-6125-5700-01000000C801}3124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000030724933Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:23.105{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000030724932Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:23.105{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000030724931Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:23.105{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000030724930Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:23.105{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000030724929Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:23.105{B81B27B7-4012-611D-0500-00000000C801}420536C:\Windows\system32\csrss.exe{B81B27B7-634B-6125-5700-01000000C801}3124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000030724928Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:23.105{B81B27B7-4013-611D-2700-00000000C801}20763760C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-634B-6125-5700-01000000C801}3124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000030724927Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:23.089{B81B27B7-634B-6125-5700-01000000C801}3124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-4012-611D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000047953937Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:23.445{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F713A05F9E822F7B823B92881EA39B2A,SHA256=B61121795B5F3D62EC39A9442B120353658EE988800A1AA5FA37D0640927E57E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000030724937Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:24.969{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9BC9687A46AE41434D8F18EC26B89FAA,SHA256=CC4F82CAE57BB90D02F0E395F6065979B84E1B45DF94F3F97B661D2B01397E04,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047953940Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:24.554{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2241850F0FECB0BF13AB409F24434E57,SHA256=FFF236DF359C42B6CCE73BB6712DE76CF4DEB300621A4D20D8A1323A513583C0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047953939Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:24.554{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=42DB2B2D09F743E95646930BDFB9A9D5,SHA256=D84D11EB9AD0481A335E1DBE5557103AC8D442DF3E5F1EBEB47D94D736786F40,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000030724936Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:24.089{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=536D3C666578588B834D93C6490CFDAC,SHA256=B389214A2642DF186648365FEF30A21233F71548EA09DB6F498F2770D9E93AC5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000030724938Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:25.989{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C8CA2F4C30F662DA86B93791F27BCD3,SHA256=16B6CC1CA60D3DA7A47953F497E580AF237ED5A54C03EFEED9307A27D94A2639,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047953942Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:25.742{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6832496F8502C22BD557A34289C9E39C,SHA256=D8A52E2747E23F790859E8FD3A601C68624CEC38B33AB986B6F69F12AC277F61,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047953941Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:25.570{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FCC93A4313FECA6C0E9ACF398DF7FBB9,SHA256=79A55BDED2E20F7B43FD6FD391F5510E409FB275BB756E4243031A6753592755,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047953944Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:26.851{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8F1FA30C1E80B1B9B606876E2D881975,SHA256=C89F267B7BED49A4F1FE0D6210C997B66A54BF223D4CC3EFE0577C12B5BC07D0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047953943Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:26.601{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A5F42D5EECF2352B9C6B30591AA299C8,SHA256=DB654B3DB62A7FBACF71D85C20AA678684946160059F85E25EB38E861722DE7F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047953945Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:27.601{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BCEEE4FC593BB9A6206981216CAFF6F9,SHA256=FC8C50D65B85979D247F39ECAF1208C19B5CC5975646A2B7E961116F790B9C16,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000030724939Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:27.019{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7BEF32F328D22EB0C3F8D9BD181E007E,SHA256=AF24C89132104CB4A7599E965F87D24D8FB186870041CC0F6DA2C03BD5BC4F93,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047953948Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:28.617{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC5069705F4A292182A47BEC30CC84AB,SHA256=BD00C41B328F5767C2C2EC5832A24D111E43FF4E55284D9C4829365DD7372140,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
354300x800000000000000030724941Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:32.946{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58827-false10.0.1.12-8000-
23542300x800000000000000030724940Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:28.050{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E2D0CAEC774F24A28C25AE8FCFD5137,SHA256=DDBCD9A06BDBB27646A25D9FC0DF141C98C2E97EBE0C7328642DB56351DFCAC1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047953947Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:28.195{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9477B6275EE15BCEB3613586C8D0BE07,SHA256=5698C5AA3A8F82E32F6E87E2F3E2535098E5B5660C103A38BB56A590EF0AEDE4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
354300x800000000000000047953946Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:23.988{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53741-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000-
23542300x800000000000000047953950Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:29.648{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9CDFD5A66CCD42EB2C511B64CCF9BE6B,SHA256=2B7EFA341D61932500226F386611B773DEB1D958608E37A405F0E2CA30BE4471,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000030724942Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:29.067{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=931CA0FF79A922CC202E00CB426E109E,SHA256=A32D3835A66995DF67CF1778D220F00CD2DBB42ACD6B8F043C167736FDA8D860,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047953949Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:29.429{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8B499A9E7B7BA6CCD37DB057839CD4D1,SHA256=E6DDAC82774E4F06CF410D3686B788A0A5FF02060E51DF50F005A707B1061947,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047953952Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:30.664{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9835893D9047A89FFD4A9A86E740EA53,SHA256=5AB13FA322FB1DCFAB1CEAD5C0283ECA7FFE49B9532DFFCCAC5A3DC2F45AB7C6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000030724943Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:30.085{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Micro​soft-Windows-Sysmon_OperationalMD5=A8AC4702921C5C5136F2A1A7F9F9BE1A,SHA256=DACF9DE3906F53F3FE02CAF033F5574A878E93D7C51AC1F8FAFD79C32D457BB2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047953951Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:30.476{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=940C601D6FF79AF10EB4A6C970952A95,SHA256=797183E6794B417F26716CD087809833221F2AEC0433E869E0F422873178CAA9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047953954Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:31.820{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DD5E07175A3237CD1CAF2D5045BECCD6,SHA256=EA5782A9F6310FD0BAC22E1129D4CF72BF8E044D505CA3EA61C0CFB2362B3461,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047953953Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:31.711{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F59F0A0D06EF8698F34885FD98C48805,SHA256=6150B6B206F2AA66FD98714BACCB0B475B2CA1D9779F7BEE64D5BD032347F31B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724944Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:31.131{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=03AE0182194055213164FFD3D43E1EE1,SHA256=F8254956DD1CFAAC457BA39D85D24ED89E50C00EA7D0187AC44C2CDD792C13E2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953956Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:32.976{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=89D7828C8D5BAF3911483C902221D8A9,SHA256=C6DF2D906CDAB47EC97B012C594BC1BB23AF8728B3DDD4D590251FAAB234AD9D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953955Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:32.726{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C74247073459D0802FFB9403BEA450AA,SHA256=F8FB6740DB043409886CB78B802E1FD187F8A31E0792B4C750E332A5157BE22A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
354300x800000000000000030724946Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:38.010{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58828-false10.0.1.12-8000- 23542300x800000000000000030724945Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:32.146{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A3D45459BFF9D62846C2F1614C2FA035,SHA256=B79D9CB156507F59B1833B8C4BAE89510CB6B98997DC7879D385823F561FB2A6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953957Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:33.742{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8524E1154D9F9C5C082CFE735C81EBF9,SHA256=F2C1E77CEDBEA1F1124C277DF1824CB18F3E727A500C30E2C8CCEB5C72E94497,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724947Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:33.163{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47913F12BD650627DA9F7964457CB61C,SHA256=1A57798D42F6C97E76C67C19190A6B430AF1CA869F1FDA10843F84274F1A48FF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient 
disk space 23542300x800000000000000047953960Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:34.789{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F6323A3DFBAA7F258EADE74AF563D14B,SHA256=0C03B7FADE10001242B8DD5BC67924522826A7319F193D16787E9E4E6FC65F4B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724948Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:34.196{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2341F21A9EA27A1B161F17C737B3E6A5,SHA256=317875E9863621408CE22F3B8614CF388EAEC879EDC9C62253BBFEE758D5A3A7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047953959Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:29.982{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53742-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047953958Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:34.148{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EBE23204BDA5A3BD244823673C231327,SHA256=CADB26CBE5970478D81F41DC4003C0563BB95A6E2B7E7E3F787EA13F5BB15CBD,IMPHASH=00000000000000000000000000000000falsefalse 
- insufficient disk space 23542300x800000000000000047953962Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:35.792{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20FA928AC330298C4D87993C9E53B705,SHA256=0FFFC7F5E71C13658C96EE0A3340751CDDF0A01AE737965E57431C3C0A7DA130,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724949Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:35.211{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6FD547A4D0418C5E7F48A5AB2E2C7D4,SHA256=D7DEE1D8E254B60DD33FD1117F19135D2E46C16A7BBA4CF2CB6C8D025EBC1435,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953961Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:35.258{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=201F72F28C470BB8615B81BD1C9F5BEF,SHA256=96A74DF89712397BAAF56FAD759172A5C3F9A5A8FA41C9F3C097FBF074E0C8A1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953964Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:36.824{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9175C337773B1BC6A582764B237AF60B,SHA256=5050DD630B1F224E9F8584911CCC95C1D2357C27A8A877E0FCECDCAE3AC5A063,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724950Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:36.227{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C943640314B7A75FD7EB5832D1CD2FE8,SHA256=03DB5143D05BAC3DFD7F752E4046009D91BC926AE0327A547AC4612F3E9BDBE9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953963Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:36.417{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FE6145742B996A7078A7278CFED2EBF9,SHA256=E20648730B0D2DC6AF706B1F12D42E2512DAD2E6023308B52237024BCA7315A1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953966Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:37.839{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C229CD851CD72461F9A619A5A9D515C6,SHA256=7C5FA839DF7B8695DC45030CB0221B8184504D7E28AAEC5084C31F06C32A55F1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
354300x800000000000000030724952Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:43.068{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58829-false10.0.1.12-8000- 23542300x800000000000000030724951Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:37.227{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=972DAC5CEAE8BA577FE9FD588B5C048D,SHA256=25E22642964168D3F5FFEBAC6050A53E9D9A86BA2FDDBAF675641CE43AA0D35D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953965Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:37.496{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A2BA75788554465AF2A57E6882070499,SHA256=45B435190874CA0809BDB46F6A2D79536C0AE76642F7C455305525F882740936,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953968Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:38.949{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CF6A9862EC3BB99CE4B1DE31F6C1C6B2,SHA256=1BE5EE8E0BD55C3C5591AE19B74A386338A79BFEAA68D8D7B76C601D4920DAEE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047953967Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:38.855{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F1EF5FCBC1F6BAA9A6A50DDCB62CF303,SHA256=FBEA40EEA5B9CE854F6C9A1E01A8EDE14BAB6F192EB5A9D435417B684F484E27,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724953Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:38.227{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB762784C7764F198A34F5D2B9FD3DB1,SHA256=CA625DE525657BBBC419FAC471C68731B36E30087A0D35BEB43D3319AB77B525,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953969Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:39.886{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CCA420FEBF280AABF1552E460CB708A2,SHA256=B00AC2F5A3E03A334ED5D3DA5DD51EF7863D63E7A870BFD786B599F560B94253,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724954Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:39.228{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=294E6C451331B1E5F206AA56E83EE397,SHA256=E7C76FC3D7127D5632FC586E502E04EF3FB412809CDF596C68943D5D043E7589,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953972Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:40.903{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5557736F40BC67C57871BE83B6EB6450,SHA256=055B12FCB8329305E48682B614EB16461E7172022383E79C7886C01CA65F0C1C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047953971Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:35.907{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53743-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047953970Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:40.246{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=025AC0E545A84A726371F240F6F70ABC,SHA256=304708BF5F1F61C569AB163A4FAF5CD153A68B15FE0581F80455D0E6E4487A64,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724955Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:40.228{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86AA3A089A1E1C43A31BD0806C4C8405,SHA256=FBFFFA4AC25034E37A4F19B54F29A31DEF43FE768D09C5EB4121CDCC16A740DB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953974Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:41.933{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=183157ED102B692718A8241D03C2F80F,SHA256=5419C18D5868ECC163B70431D0E977D07EC8D6D52ABAFC322D6FE297F39E63D4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724956Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:41.263{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDC678165727EE3123316DF8AEB954CB,SHA256=A2CDF09E85B8E567539D1BF2BF3A7761393921E8BFA5A3A81EC4CCB61879CC89,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953973Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:41.277{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=99FDF93217BF04407ED6FD8D44454445,SHA256=E9D4DD446EF365C611E9A0B687AA99EBE191F062417BF03955B0D55068E7E81A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047953976Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:42.980{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=474346607FBBF784DF510BABB3627673,SHA256=E304695F0BEE54EEB9F5974C773B65E64B7E13BDADE6C03F45112E414DE32691,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724957Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:42.266{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC52D8DCA463E8F3ECB02AAE8107D41C,SHA256=C2537187B879977A2387456FDEDEC04A41DE789723A50AD63F36F52BF36739C9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047953975Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:42.527{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1C4891DA416256C6E0F0244D09046844,SHA256=9BC14EE065E2B245E1DDCD7DE1E9D13CE7296A5B0D001E5960095155A85C4EED,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030724959Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:49.044{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58830-false10.0.1.12-8000- 
23542300x800000000000000030724958Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:43.287{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B111390036E5AD7C5E6439CD0A672CAD,SHA256=B3AA7C2ADF541F515DAA6604A8669405EB1D03D317FB7B1BE466C6825C0CF265,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000047954033Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.917{3BF36828-635F-6125-45F4-00000000CA01}19684896C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047954032Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.902{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 
734700x800000000000000047954031Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.902{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x800000000000000047954030Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.730{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000047954029Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.730{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000047954028Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.730{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic 
Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000047954027Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.730{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000047954026Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.730{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000047954025Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.730{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 
734700x800000000000000047954024Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.730{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000047954023Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.730{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000047954022Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.730{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x800000000000000047954021Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.730{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API 
DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000047954020Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000047954019Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000047954018Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 
734700x800000000000000047954017Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000047954016Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000047954015Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000047954014Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 
734700x800000000000000047954013Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000047954012Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000047954011Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000047954010Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000047954009Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000047954008Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000047954007Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 
734700x800000000000000047954006Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000047954005Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000047954004Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000047954003Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 
(rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000047954002Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000047954001Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000047954000Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft 
CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000047953999Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000047953998Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000047953997Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000047953996Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047953995Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 10341000x800000000000000047953994Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-402D-611D-3A00-00000000CA01}36083628C:\Windows\system32\conhost.exe{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047953993Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000047953992Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000047953991Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047953990Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exeMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165trueSplunk, Inc.Valid 10341000x800000000000000047953989Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:43.714{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047953988Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047953987Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:43.714{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047953986Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-4019-611D-0500-00000000CA01}408424C:\Windows\system32\csrss.exe{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000047953985Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:43.714{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047953984Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047953983Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:43.714{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047953982Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047953981Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:43.714{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047953980Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047953979Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.714{3BF36828-402C-611D-3000-00000000CA01}22204860C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000047953978Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.700{3BF36828-635F-6125-45F4-00000000CA01}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-4019-611D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
23542300x800000000000000047953977Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:43.667{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B46134338E45548C870661A3D0D4C64D,SHA256=BA472353A8CE3818D589EB7BC9D7099D99BC45AF0159B957BAC2EE9888F3D0E8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724960Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:44.303{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C180103D8439D50F49AC4ACEF1BE5288,SHA256=C6BE88E550DB72B0F7E3EF06E2B7A84B717BB1964D130CAF95B30C88ADF948FC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047954150Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.980{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000047954149Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.980{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® 
Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000047954148Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.980{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000047954147Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.980{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000047954146Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.980{3BF36828-6360-6125-47F4-00000000CA01}4288C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000047954081Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.418{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000047954080Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.418{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000047954079Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.418{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft 
Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000047954078Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.418{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000047954077Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.418{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000047954076Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.418{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 
734700x800000000000000047954075Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.418{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000047954074Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.418{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000047954073Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.418{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000047954072Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.418{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program 
Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000047954071Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.418{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x800000000000000047954070Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.418{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000047954069Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft 
CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x800000000000000047954068Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047954067Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000047954066Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000047954065Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:44.402{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000047954064Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000047954063Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000047954062Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 
734700x800000000000000047954061Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000047954060Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000047954059Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000047954058Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft 
Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000047954057Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000047954056Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000047954055Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000047954054Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000047954053Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000047954052Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x800000000000000047954051Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-402D-611D-3A00-00000000CA01}36083628C:\Windows\system32\conhost.exe{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047954050Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000047954049Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000047954048Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047954047Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x800000000000000047954046Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-4019-611D-0500-00000000CA01}408528C:\Windows\system32\csrss.exe{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000047954045Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:44.402{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954044Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954043Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:44.402{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954042Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954041Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:44.402{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954040Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954039Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:44.402{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954038Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954037Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:44.402{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954036Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.402{3BF36828-402C-611D-3000-00000000CA01}22204860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000047954035Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.387{3BF36828-6360-6125-46F4-00000000CA01}5292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-4019-611D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000047954034Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:44.199{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53A01A98B1E4200B0712BE7D8E9D8E68,SHA256=F5F5606DD95BD51EE123CA3F74C7935821F08F6070BDD1D089CC23718B1FA253,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954216Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.933{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=113E10682D19601DD5BCE9EA8D0D4571,SHA256=517E2417935607F8029163DB010E2D906F5BE758CA909A3BEB936DCFD4279D82,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954215Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.933{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88A3E45ED5A42718CA21EE3372C42CD4,SHA256=CA465A0375A1AE624C5C8F60F8E9668F6A7A6096DA01A14AB6D1CA2CADE704CD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047954214Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.824{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 23542300x800000000000000030724961Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:45.318{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16E1BF8A557E5405D863148AD29C74BC,SHA256=0055AB1A7065B0FB2BAAD6EE207EEEB29D87BF7624DA610A8204849BC2E91739,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
10341000x800000000000000047954213Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.824{3BF36828-6361-6125-48F4-00000000CA01}55642504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047954212Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.824{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000047954211Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.808{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 
734700x800000000000000047954210Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.668{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000047954209Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.668{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000047954208Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.668{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000047954207Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000047954206Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000047954205Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000047954204Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000047954203Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000047954202Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000047954201Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 
734700x800000000000000047954200Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000047954199Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000047954198Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000047954197Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 
(rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047954196Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000047954195Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000047954194Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 
734700x800000000000000047954193Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000047954192Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000047954191Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000047954190Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 
(rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000047954189Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000047954188Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000047954187Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000047954186Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000047954185Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000047954184Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000047954183Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 
734700x800000000000000047954182Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000047954181Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000047954180Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000047954179Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program 
Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000047954178Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000047954177Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x800000000000000047954176Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x800000000000000047954175Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:45.652{3BF36828-402D-611D-3A00-00000000CA01}36083628C:\Windows\system32\conhost.exe{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047954174Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000047954173Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000047954172Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:45.652{3BF36828-6361-6125-48F4-00000000CA01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft 
Sysmon records from Channel=Microsoft-Windows-Sysmon/Operational, one per line, fields as key=value separated by " ; ". Every record also carries Level=4, Opcode=0, Keywords=0x8000000000000000, Task equal to its EventID and RuleName=-; the event schema Version is 3 for EventID 7 and 10 and 5 for EventID 1, 3 and 23. In EventID 10 records the export prints SourceProcessId and SourceThreadId as one run of digits with no separator; that run is kept as exported under SourcePidTid. The first and the last record are cut off where this part of the export starts and ends.

[record cut at start] Company=Corporation (truncated) ; OriginalFileName=ntdll.dll ; Hashes=MD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=10 ; RecordID=47954171 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; SourceProcessGUID={3BF36828-401B-611D-0C00-00000000CA01} ; SourcePidTid=8362216 ; SourceImage=C:\Windows\system32\svchost.exe ; TargetProcessGUID={3BF36828-402C-611D-2B00-00000000CA01} ; TargetProcessId=3012 ; TargetImage=C:\Windows\sysmon64.exe ; GrantedAccess=0x1400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=7 ; RecordID=47954170 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; ProcessGuid={3BF36828-6361-6125-48F4-00000000CA01} ; ProcessId=5564 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe ; ImageLoaded=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe ; FileVersion=- ; Description=- ; Product=- ; Company=- ; OriginalFileName=- ; Hashes=MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C ; Signed=true ; Signature=Splunk, Inc. ; SignatureStatus=Valid

EventID=10 ; RecordID=47954169 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; SourceProcessGUID={3BF36828-401B-611D-0C00-00000000CA01} ; SourcePidTid=8362216 ; SourceImage=C:\Windows\system32\svchost.exe ; TargetProcessGUID={3BF36828-402C-611D-2B00-00000000CA01} ; TargetProcessId=3012 ; TargetImage=C:\Windows\sysmon64.exe ; GrantedAccess=0x1400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 ; RecordID=47954168 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; SourceProcessGUID={3BF36828-401B-611D-0C00-00000000CA01} ; SourcePidTid=8362216 ; SourceImage=C:\Windows\system32\svchost.exe ; TargetProcessGUID={3BF36828-402C-611D-2B00-00000000CA01} ; TargetProcessId=3012 ; TargetImage=C:\Windows\sysmon64.exe ; GrantedAccess=0x1400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 ; RecordID=47954167 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; SourceProcessGUID={3BF36828-401B-611D-0C00-00000000CA01} ; SourcePidTid=8362216 ; SourceImage=C:\Windows\system32\svchost.exe ; TargetProcessGUID={3BF36828-402C-611D-2B00-00000000CA01} ; TargetProcessId=3012 ; TargetImage=C:\Windows\sysmon64.exe ; GrantedAccess=0x1400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 ; RecordID=47954166 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; SourceProcessGUID={3BF36828-401B-611D-0C00-00000000CA01} ; SourcePidTid=8362216 ; SourceImage=C:\Windows\system32\svchost.exe ; TargetProcessGUID={3BF36828-402C-611D-2B00-00000000CA01} ; TargetProcessId=3012 ; TargetImage=C:\Windows\sysmon64.exe ; GrantedAccess=0x1400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 ; RecordID=47954165 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; SourceProcessGUID={3BF36828-401B-611D-0C00-00000000CA01} ; SourcePidTid=8362216 ; SourceImage=C:\Windows\system32\svchost.exe ; TargetProcessGUID={3BF36828-402C-611D-2B00-00000000CA01} ; TargetProcessId=3012 ; TargetImage=C:\Windows\sysmon64.exe ; GrantedAccess=0x1400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 ; RecordID=47954164 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; SourceProcessGUID={3BF36828-401B-611D-0C00-00000000CA01} ; SourcePidTid=8362216 ; SourceImage=C:\Windows\system32\svchost.exe ; TargetProcessGUID={3BF36828-402C-611D-2B00-00000000CA01} ; TargetProcessId=3012 ; TargetImage=C:\Windows\sysmon64.exe ; GrantedAccess=0x1400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 ; RecordID=47954163 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; SourceProcessGUID={3BF36828-401B-611D-0C00-00000000CA01} ; SourcePidTid=8362216 ; SourceImage=C:\Windows\system32\svchost.exe ; TargetProcessGUID={3BF36828-402C-611D-2B00-00000000CA01} ; TargetProcessId=3012 ; TargetImage=C:\Windows\sysmon64.exe ; GrantedAccess=0x1400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 ; RecordID=47954162 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; SourceProcessGUID={3BF36828-401B-611D-0C00-00000000CA01} ; SourcePidTid=8362216 ; SourceImage=C:\Windows\system32\svchost.exe ; TargetProcessGUID={3BF36828-402C-611D-2B00-00000000CA01} ; TargetProcessId=3012 ; TargetImage=C:\Windows\sysmon64.exe ; GrantedAccess=0x1400 ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=10 ; RecordID=47954161 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.652 ; SourceProcessGUID={3BF36828-4019-611D-0500-00000000CA01} ; SourcePidTid=408424 ; SourceImage=C:\Windows\system32\csrss.exe ; TargetProcessGUID={3BF36828-6361-6125-48F4-00000000CA01} ; TargetProcessId=5564 ; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe ; GrantedAccess=0x1fffff ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f

EventID=10 ; RecordID=47954160 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.636 ; SourceProcessGUID={3BF36828-402C-611D-3000-00000000CA01} ; SourcePidTid=22204860 ; SourceImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe ; TargetProcessGUID={3BF36828-6361-6125-48F4-00000000CA01} ; TargetProcessId=5564 ; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe ; GrantedAccess=0x1fffff ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=1 ; RecordID=47954159 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.637 ; ProcessGuid={3BF36828-6361-6125-48F4-00000000CA01} ; ProcessId=5564 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe ; FileVersion=- ; Description=- ; Product=- ; Company=- ; OriginalFileName=- ; CommandLine="C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 ; CurrentDirectory=C:\Windows\system32\ ; User=NT AUTHORITY\SYSTEM ; LogonGuid={3BF36828-4019-611D-E703-000000000000} ; LogonId=0x3e7 ; TerminalSessionId=0 ; IntegrityLevel=System ; Hashes=MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C ; ParentProcessGuid={3BF36828-402C-611D-3000-00000000CA01} ; ParentProcessId=2220 ; ParentImage=C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe ; ParentCommandLine="C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service

EventID=3 ; RecordID=47954158 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:41.894 ; ProcessGuid={3BF36828-4037-611D-7100-00000000CA01} ; ProcessId=4948 ; Image=C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe ; User=NT AUTHORITY\SYSTEM ; Protocol=tcp ; Initiated=true ; SourceIsIpv6=false ; SourceIp=10.0.1.14 ; SourceHostname=win-dc-128.attackrange.local ; SourcePort=53744 ; SourcePortName=- ; DestinationIsIpv6=false ; DestinationIp=10.0.1.12 ; DestinationHostname=ip-10-0-1-12.us-west-2.compute.internal ; DestinationPort=8000 ; DestinationPortName=-

EventID=23 ; RecordID=47954157 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.246 ; ProcessGuid={3BF36828-403F-611D-7A00-00000000CA01} ; ProcessId=4252 ; User=NT AUTHORITY\SYSTEM ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe ; TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security ; Hashes=MD5=2E8798EB4B0DFA0EAD56DE7C487C38FF,SHA256=0B43BE541695A83BA6B5743A62A217B056D572DD866632055CD3BC09EC9C32E1,IMPHASH=00000000000000000000000000000000 ; IsExecutable=false ; Archived=false - insufficient disk space

EventID=23 ; RecordID=47954156 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.246 ; ProcessGuid={3BF36828-403F-611D-7A00-00000000CA01} ; ProcessId=4252 ; User=NT AUTHORITY\SYSTEM ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe ; TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational ; Hashes=MD5=C15F41D09E3D32A462D1B0C42FCAD874,SHA256=5BC8B54DDA7861A25C75A26FA125ADB3372786FB7801215369D2817D6ED364EE,IMPHASH=00000000000000000000000000000000 ; IsExecutable=false ; Archived=false - insufficient disk space

EventID=7 ; RecordID=47954155 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.152 ; ProcessGuid={3BF36828-6360-6125-47F4-00000000CA01} ; ProcessId=4288 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe ; ImageLoaded=C:\Windows\System32\kernel.appcore.dll ; FileVersion=10.0.14393.2312 (rs1_release.180607-1919) ; Description=AppModel API Host ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=kernel.appcore.dll ; Hashes=MD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667D ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954154 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.152 ; ProcessGuid={3BF36828-6360-6125-47F4-00000000CA01} ; ProcessId=4288 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe ; ImageLoaded=C:\Windows\System32\dbgcore.dll ; FileVersion=10.0.14321.1024 (debuggers(dbg).210127-1811) ; Description=Windows Core Debugging Helpers ; Product=Microsoft® Windows® Operating System ; Company=Microsoft ; OriginalFileName=DBGCORE.DLL ; Hashes=MD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2E ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954153 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.152 ; ProcessGuid={3BF36828-6360-6125-47F4-00000000CA01} ; ProcessId=4288 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe ; ImageLoaded=C:\Windows\System32\dbghelp.dll ; FileVersion=10.0.14321.1024 (rs1_release.160715-1616) ; Description=Windows Image Helper ; Product=Microsoft® Windows® Operating System ; Company=Microsoft ; OriginalFileName=DBGHELP.DLL ; Hashes=MD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBE ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=23 ; RecordID=47954152 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.136 ; ProcessGuid={3BF36828-403F-611D-7A00-00000000CA01} ; ProcessId=4252 ; User=NT AUTHORITY\SYSTEM ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe ; TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Security ; Hashes=MD5=4E69369FD59477F681B9823A34580245,SHA256=CAAFACBFE2616798109660C7776C6E918A3104A3C83A7FA7E11E0E80638AC4B3,IMPHASH=00000000000000000000000000000000 ; IsExecutable=false ; Archived=false - insufficient disk space

EventID=23 ; RecordID=47954151 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:45.043 ; ProcessGuid={3BF36828-403F-611D-7A00-00000000CA01} ; ProcessId=4252 ; User=NT AUTHORITY\SYSTEM ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe ; TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational ; Hashes=MD5=43176EB232DC0FBA0DF65DDAC92B5213,SHA256=ACE95991A56012577946C7AB6127888EB60A6726733105CA74068A9B5407CA17,IMPHASH=00000000000000000000000000000000 ; IsExecutable=false ; Archived=false - insufficient disk space

EventID=23 ; RecordID=30724962 ; Computer=win-host-987.attackrange.local ; UtcTime=2021-08-24 21:23:46.348 ; ProcessGuid={B81B27B7-4024-611D-7300-00000000C801} ; ProcessId=2188 ; User=NT AUTHORITY\SYSTEM ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe ; TargetFilename=C:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_Operational ; Hashes=MD5=622B38AA3C1BD8C87B7C34F151C7453E,SHA256=07AC7CD2F7996AD4B1994513F319E432E1FE94201DB7B69FAC1C7CAD85308D62,IMPHASH=00000000000000000000000000000000 ; IsExecutable=false ; Archived=false - insufficient disk space

EventID=7 ; RecordID=47954273 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.496 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\kernel.appcore.dll ; FileVersion=10.0.14393.2312 (rs1_release.180607-1919) ; Description=AppModel API Host ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=kernel.appcore.dll ; Hashes=MD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667D ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954272 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.496 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\dbgcore.dll ; FileVersion=10.0.14321.1024 (debuggers(dbg).210127-1811) ; Description=Windows Core Debugging Helpers ; Product=Microsoft® Windows® Operating System ; Company=Microsoft ; OriginalFileName=DBGCORE.DLL ; Hashes=MD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2E ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954271 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.496 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\dbghelp.dll ; FileVersion=10.0.14321.1024 (rs1_release.160715-1616) ; Description=Windows Image Helper ; Product=Microsoft® Windows® Operating System ; Company=Microsoft ; OriginalFileName=DBGHELP.DLL ; Hashes=MD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBE ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954270 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.355 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\cryptbase.dll ; FileVersion=10.0.14393.0 (rs1_release.160715-1616) ; Description=Base cryptographic API DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=cryptbase.dll ; Hashes=MD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954269 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.355 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\rsaenh.dll ; FileVersion=10.0.14393.2969 (rs1_release.190503-1820) ; Description=Microsoft Enhanced Cryptographic Provider ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=rsaenh.dll ; Hashes=MD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954268 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.355 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\cryptsp.dll ; FileVersion=10.0.14393.2969 (rs1_release.190503-1820) ; Description=Cryptographic Service Provider API ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=cryptsp.dll ; Hashes=MD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954267 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.355 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\srvcli.dll ; FileVersion=10.0.14393.0 (rs1_release.160715-1616) ; Description=Server Service Client DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=SRVCLI.DLL ; Hashes=MD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954266 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.355 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\wkscli.dll ; FileVersion=10.0.14393.0 (rs1_release.160715-1616) ; Description=Workstation Service Client DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=WKSCLI.DLL ; Hashes=MD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366A ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954265 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.355 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\netutils.dll ; FileVersion=10.0.14393.0 (rs1_release.160715-1616) ; Description=Net Win32 API Helpers DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=NETUTILS.DLL ; Hashes=MD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954264 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.355 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\netapi32.dll ; FileVersion=10.0.14393.0 (rs1_release.160715-1616) ; Description=Net Win32 API DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=NetApi32.DLL ; Hashes=MD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954263 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll ; FileVersion=14.16.27012.6 built by: vcwrkspc ; Description=Microsoft® C Runtime Library ; Product=Microsoft® Visual Studio® 2017 ; Company=Microsoft Corporation ; OriginalFileName=msvcp140.dll ; Hashes=MD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DD ; Signed=true ; Signature=Microsoft Corporation ; SignatureStatus=Valid

EventID=7 ; RecordID=47954262 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\bcrypt.dll ; FileVersion=10.0.14393.4046 (rs1_release.201028-1803) ; Description=Windows Cryptographic Primitives Library ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=bcrypt.dll ; Hashes=MD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238D ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954261 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\Wldap32.dll ; FileVersion=10.0.14393.3269 (rs1_release.190929-1234) ; Description=Win32 LDAP API DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=WLDAP32.DLL ; Hashes=MD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954260 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\msvcp_win.dll ; FileVersion=10.0.14393.2999 (rs1_release_inmarket.190520-1518) ; Description=Microsoft® C Runtime Library ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=msvcp_win.dll ; Hashes=MD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59A ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954259 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll ; FileVersion=14.16.27012.6 built by: vcwrkspc ; Description=Microsoft® C Runtime Library ; Product=Microsoft® Visual Studio® 2017 ; Company=Microsoft Corporation ; OriginalFileName=vcruntime140.dll ; Hashes=MD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7E ; Signed=true ; Signature=Microsoft Corporation ; SignatureStatus=Valid

EventID=7 ; RecordID=47954258 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\adsldpc.dll ; FileVersion=10.0.14393.0 (rs1_release.160715-1616) ; Description=ADs LDAP Provider C DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=adsldpc ; Hashes=MD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954257 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\oleaut32.dll ; FileVersion=10.0.14393.4402 (rs1_release.210426-1725) ; Description=OLEAUT32.DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=OLEAUT32.DLL ; Hashes=MD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962F ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954256 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\winspool.drv ; FileVersion=10.0.14393.4169 (rs1_release.210107-1130) ; Description=Windows Spooler Driver ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=winspool.drv ; Hashes=MD5=D21FAA584F844E61375D95B5BE9115EE,SHA256=E221EA0081FDE7AAAD71A38016A8D470082B3732E9ED2D8ED7C97E9F41AF0045,IMPHASH=2005807FD04567B79F4109D23F9E6018 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954255 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Program Files\SplunkUniversalForwarder\bin\archive.dll ; FileVersion=- ; Description=- ; Product=- ; Company=- ; OriginalFileName=- ; Hashes=MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193 ; Signed=true ; Signature=Splunk, Inc. ; SignatureStatus=Valid

EventID=7 ; RecordID=47954254 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\bcryptprimitives.dll ; FileVersion=10.0.14393.4046 (rs1_release.201028-1803) ; Description=Windows Cryptographic Primitives Library ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=bcryptprimitives.dll ; Hashes=MD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954253 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll ; FileVersion=1.0.2t ; Description=OpenSSL Shared Library ; Product=The OpenSSL Toolkit ; Company=The OpenSSL Project, http://www.openssl.org/ ; OriginalFileName=libeay32.dll ; Hashes=MD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFE ; Signed=true ; Signature=Splunk, Inc. ; SignatureStatus=Valid

EventID=7 ; RecordID=47954252 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll ; FileVersion=- ; Description=- ; Product=- ; Company=- ; OriginalFileName=- ; Hashes=MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72E ; Signed=true ; Signature=Splunk, Inc. ; SignatureStatus=Valid

EventID=7 ; RecordID=47954251 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll ; FileVersion=- ; Description=- ; Product=- ; Company=- ; OriginalFileName=- ; Hashes=MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2 ; Signed=true ; Signature=Splunk, Inc. ; SignatureStatus=Valid

EventID=7 ; RecordID=47954250 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\combase.dll ; FileVersion=10.0.14393.4350 (rs1_release.210407-2154) ; Description=Microsoft COM for Windows ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=COMBASE.DLL ; Hashes=MD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954249 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll ; FileVersion=1.0.2t ; Description=OpenSSL Shared Library ; Product=The OpenSSL Toolkit ; Company=The OpenSSL Project, http://www.openssl.org/ ; OriginalFileName=ssleay32.dll ; Hashes=MD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63 ; Signed=true ; Signature=Splunk, Inc. ; SignatureStatus=Valid

EventID=7 ; RecordID=47954248 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\ucrtbase.dll ; FileVersion=10.0.14393.3659 (rs1_release_1.200410-1813) ; Description=Microsoft® C Runtime Library ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=ucrtbase.dll ; Hashes=MD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44C ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954247 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\ole32.dll ; FileVersion=10.0.14393.4169 (rs1_release.210107-1130) ; Description=Microsoft OLE for Windows ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=OLE32.DLL ; Hashes=MD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954246 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll ; FileVersion=2.9.9 ; Description=libxml2 library ; Product=libxml2 ; Company=- ; OriginalFileName=libxml2.dll ; Hashes=MD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20 ; Signed=true ; Signature=Splunk, Inc. ; SignatureStatus=Valid

EventID=7 ; RecordID=47954245 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll ; FileVersion=- ; Description=- ; Product=- ; Company=- ; OriginalFileName=- ; Hashes=MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212EC ; Signed=true ; Signature=Splunk, Inc. ; SignatureStatus=Valid

EventID=7 ; RecordID=47954244 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\activeds.dll ; FileVersion=10.0.14393.4169 (rs1_release.210107-1130) ; Description=ADs Router Layer DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=ADs ; Hashes=MD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBB ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954243 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\ws2_32.dll ; FileVersion=10.0.14393.3241 (rs1_release_inmarket.190910-1801) ; Description=Windows Socket 2.0 32-Bit DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=ws2_32.dll ; Hashes=MD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954242 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\rpcrt4.dll ; FileVersion=10.0.14393.4350 (rs1_release.210407-2154) ; Description=Remote Procedure Call Runtime ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=rpcrt4.dll ; Hashes=MD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8E ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954241 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\sechost.dll ; FileVersion=10.0.14393.3808 (rs1_release.200707-2105) ; Description=Host for SCM/SDDL/LSA Lookup APIs ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=sechost.dll ; Hashes=MD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954240 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\msvcrt.dll ; FileVersion=7.0.14393.2457 (rs1_release_inmarket.180822-1743) ; Description=Windows NT CRT DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=msvcrt.dll ; Hashes=MD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAF ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954239 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\advapi32.dll ; FileVersion=10.0.14393.2969 (rs1_release.190503-1820) ; Description=Advanced Windows 32 Base API ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=advapi32.dll ; Hashes=MD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBC ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954238 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\gdi32full.dll ; FileVersion=10.0.14393.4350 (rs1_release.210407-2154) ; Description=GDI Client DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=gdi32 ; Hashes=MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EE ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954237 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\gdi32.dll ; FileVersion=10.0.14393.4169 (rs1_release.210107-1130) ; Description=GDI Client DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=gdi32 ; Hashes=MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00C ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954236 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\win32u.dll ; FileVersion=10.0.14393.0 (rs1_release.160715-1616) ; Description=Win32u ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=Win32u.DLL ; Hashes=MD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954235 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\user32.dll ; FileVersion=10.0.14393.4169 (rs1_release.210107-1130) ; Description=Multi-User Windows USER API Client DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=user32 ; Hashes=MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=10 ; RecordID=47954234 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; SourceProcessGUID={3BF36828-402D-611D-3A00-00000000CA01} ; SourcePidTid=36083628 ; SourceImage=C:\Windows\system32\conhost.exe ; TargetProcessGUID={3BF36828-6362-6125-49F4-00000000CA01} ; TargetProcessId=4520 ; TargetImage=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; GrantedAccess=0x1fffff ; CallTrace=C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781

EventID=7 ; RecordID=47954233 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\KernelBase.dll ; FileVersion=10.0.14393.4350 (rs1_release.210407-2154) ; Description=Windows NT BASE API Client DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=Kernelbase.dll ; Hashes=MD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954232 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\kernel32.dll ; FileVersion=10.0.14393.4350 (rs1_release.210407-2154) ; Description=Windows NT BASE API Client DLL ; Product=Microsoft® Windows® Operating System ; Company=Microsoft Corporation ; OriginalFileName=kernel32 ; Hashes=MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682 ; Signed=true ; Signature=Microsoft Windows ; SignatureStatus=Valid

EventID=7 ; RecordID=47954231 ; Computer=win-dc-128.attackrange.local ; UtcTime=2021-08-24 21:23:46.339 ; ProcessGuid={3BF36828-6362-6125-49F4-00000000CA01} ; ProcessId=4520 ; Image=C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe ; ImageLoaded=C:\Windows\System32\ntdll.dll ; FileVersion=10.0.14393.4350 (rs1_release.210407-2154) ; Description=NT [record cut at end]
Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 10341000x800000000000000047954230Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954229Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:46.339{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047954228Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exeMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748trueSplunk, Inc.Valid 10341000x800000000000000047954227Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:46.339{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954226Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954225Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:46.339{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954224Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954223Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:46.339{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954222Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954221Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:46.339{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954220Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-4019-611D-0500-00000000CA01}408528C:\Windows\system32\csrss.exe{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000047954219Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.339{3BF36828-402C-611D-3000-00000000CA01}22204860C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000047954218Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.325{3BF36828-6362-6125-49F4-00000000CA01}4520C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-4019-611D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000047954217Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:46.324{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C359F0CD7A239FA9F24A9B768232D254,SHA256=9FD262A49A935657123BFA6CACD6D0C39A3AD300475139EC31A217AF578393B2,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000047954395Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.918{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E53FE81C33DC2CE356CA8CA9BECFCE78,SHA256=950F41E905EA1ECF81B5E880DB33B4D3EF8FE69FBD3E521B38A7B970DA05C285,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954394Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.855{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F74F2F2FA4198C36EBB60B335CFE8264,SHA256=D956A642DDA2454F5B594B9F1541376A859C0041098107F478272F22BA0BF02A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047954393Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.808{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000047954392Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.808{3BF36828-6363-6125-4BF4-00000000CA01}60644388C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047954391Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.808{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 23542300x800000000000000030724963Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:47.349{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AAA1C8338BFD35CF0FF03091B0D3E38F,SHA256=D1E989855922BB6EBAA87C188216912223A1B8FAAD64BDCB8C10FE04B1F6842F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047954390Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.808{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® 
Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000047954389Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.761{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E3D4811D3E8A6270EFFAF5C04F920C12,SHA256=8B05C0F22C42FFEF52FFC4741CF6CDA0C2AB71E4CA876D4AC96C3EFFCAA61691,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954388Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.668{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3FEFE4DEABF4897A85ACC4DFE5626A6C,SHA256=24D71638CA0F6488D73871B4DB1000DF58A050B8A35F24FC908C209F78383DBA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047954387Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.621{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000047954386Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:47.621{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x800000000000000047954385Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.621{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x800000000000000047954384Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.621{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x800000000000000047954383Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.621{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft 
Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x800000000000000047954382Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.621{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x800000000000000047954381Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.621{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x800000000000000047954380Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.621{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x800000000000000047954379Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:47.621{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x800000000000000047954378Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.621{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x800000000000000047954377Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.621{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x800000000000000047954376Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating 
SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x800000000000000047954375Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x800000000000000047954374Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x800000000000000047954373Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 
734700x800000000000000047954372Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x800000000000000047954371Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x800000000000000047954370Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x800000000000000047954369Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 
(rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x800000000000000047954368Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x800000000000000047954367Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x800000000000000047954366Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x800000000000000047954365Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x800000000000000047954364Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x800000000000000047954363Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x800000000000000047954362Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x800000000000000047954361Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x800000000000000047954360Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x800000000000000047954359Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x800000000000000047954358Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, 
http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x800000000000000047954357Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x800000000000000047954356Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x800000000000000047954355Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 
734700x800000000000000047954354Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x800000000000000047954353Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x800000000000000047954352Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x800000000000000047954351Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-402D-611D-3A00-00000000CA01}36083628C:\Windows\system32\conhost.exe{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047954350Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x800000000000000047954349Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x800000000000000047954348Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 
734700x800000000000000047954347Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.605{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exeMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25trueSplunk, Inc.Valid 10341000x800000000000000047954346Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.589{3BF36828-4019-611D-0500-00000000CA01}408356C:\Windows\system32\csrss.exe{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000047954345Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.589{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 
10341000x800000000000000047954344Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.589{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954343Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.589{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954342Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:47.589{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954341Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.589{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954340Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:47.589{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954339Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.589{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954338Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:47.589{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954337Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.589{3BF36828-401B-611D-0C00-00000000CA01}8362216C:\Windows\system32\svchost.exe{3BF36828-402C-611D-2B00-00000000CA01}3012C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954336Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.589{3BF36828-402C-611D-3000-00000000CA01}22204860C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000047954335Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.579{3BF36828-6363-6125-4BF4-00000000CA01}6064C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-4019-611D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 
23542300x800000000000000047954334Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.574{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=31445412F3A65E0142756177ED5E80A3,SHA256=51DB9BAFC1CF1684D5536CE11B6AD3953CF288BD25D19453C28ACD2752DE08EA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954333Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.480{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=69DEBEAB3024D1AE133569EC294DCC73,SHA256=632A39D580709FB518EB1E0A0CD8AC553C54D10FCADD00A999647666353F6B22,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954332Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.418{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0F59F537CFD7D2E79204EBD236D41C7,SHA256=AB261CDF52C68FDFDA814986414188A766405C4A93CB7974B307253099F6E219,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047954331Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.215{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft 
Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x800000000000000047954330Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.215{3BF36828-6363-6125-4AF4-00000000CA01}37244772C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000047954329Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.215{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x800000000000000047954328Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.215{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating 
SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000047954327Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.183{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5014FA03ADC428BE423AAEE49E93CCF5,SHA256=995E3C5B46BEC170E6E155AF903FFEED8E14285851E8B7C8B2E3E375A5EEF0F7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954326Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.183{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=338745D087ED493152C5FCE164AFD8AC,SHA256=066A88DCD201A4AC903CF7A266976466043A17D63529B897D2CF884B521BE288,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x800000000000000047954325Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:47.043{3BF36828-6363-6125-4AF4-00000000CA01}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x800000000000000047954324Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=12E7C56F93FB576C849197FAA5366AB5,SHA256=9B6B2C265480D37FDF9592A236B7C2760D1FC9E5D54CE05A29E6F935305A6680,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954406Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:53.011{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C2B7022F4602463DE4D5851900072809,SHA256=16A3BFC83DAC1768FFA8B8A0FD131E4C5041FB8787382A973E458A60E93FF74D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030724972Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:59.959{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58832-false10.0.1.12-8000- 23542300x800000000000000030724971Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:54.504{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9132089926DCD50F12801BBFBB0BB627,SHA256=2D266BD335500E13DD8E7600C384FE6BB24CCCCBD6053EFD9C8C3D4B45B96E41,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954409Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:54.824{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B80C6D2466ACF96C840BEF0FCCE032C8,SHA256=DC8FB585EDD295EADA1DA9C8DE293D3ABB7F919F1D117E5389FF073828B39BB9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954408Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:54.293{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7F775B217C5A17772E83F3CE12FB8608,SHA256=0C08F61E4E255020FC18D7ECC6A02E5BD95715ECDAECCB2CF51D23E01602E08D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954412Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:55.842{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=159A251160B9078BB6C85C0D0E459B47,SHA256=F0C5B5531FE52AE1DF663FB1FBB64A9FDDB03EEF3DF52A727353CE63103847E9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724973Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:55.520{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1DE45E640DFEBF6C97BF550A265498CF,SHA256=BEA48CF2A937D2E2207AD8C3EE12A82D54CD83A5637C9BB057E6D9076C6968B6,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
354300x800000000000000047954411Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:52.001{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53746-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047954410Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:55.544{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A91200F7446E044917ACA2A2D86EE04A,SHA256=0CB41945B3216CE3908966D0072116D9397E99ED1AEF1CF38C94EBF781F162A4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954426Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:56.860{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39451FACA19F7F14DC5F4368AC220B96,SHA256=7C697468FFE41626C28739EC5AE4D6BF60706975F682C24BD7A2FD8172188439,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724974Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:56.535{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=87751D041241AD60B8F16D1BAC63D691,SHA256=4A5B73C775FBCADDAF30886A4CC433F160D73535EDDF5260D8A1F1CB8F451A26,IMPHASH=00000000000000000000000000000000falsefalse - 
insufficient disk space 10341000x800000000000000047954425Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:56.545{3BF36828-401B-611D-0D00-00000000CA01}896916C:\Windows\system32\svchost.exe{3BF36828-5A87-611D-C803-00000000CA01}2472C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954424Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:56.545{3BF36828-401B-611D-0D00-00000000CA01}896916C:\Windows\system32\svchost.exe{3BF36828-5A87-611D-C803-00000000CA01}2472C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954423Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:56.545{3BF36828-401B-611D-0D00-00000000CA01}896916C:\Windows\system32\svchost.exe{3BF36828-5A87-611D-C803-00000000CA01}2472C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954422Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:56.545{3BF36828-401B-611D-0D00-00000000CA01}896916C:\Windows\system32\svchost.exe{3BF36828-5A86-611D-C703-00000000CA01}1944C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954421Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:56.545{3BF36828-401B-611D-0D00-00000000CA01}896916C:\Windows\system32\svchost.exe{3BF36828-5A86-611D-C703-00000000CA01}1944C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954420Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:56.545{3BF36828-401B-611D-0D00-00000000CA01}896916C:\Windows\system32\svchost.exe{3BF36828-5A86-611D-C703-00000000CA01}1944C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954419Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:56.545{3BF36828-401B-611D-0D00-00000000CA01}896916C:\Windows\system32\svchost.exe{3BF36828-5A86-611D-C703-00000000CA01}1944C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954418Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:56.545{3BF36828-401B-611D-0D00-00000000CA01}896916C:\Windows\system32\svchost.exe{3BF36828-5A86-611D-C703-00000000CA01}1944C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954417Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:56.545{3BF36828-401B-611D-0D00-00000000CA01}896916C:\Windows\system32\svchost.exe{3BF36828-5A86-611D-C703-00000000CA01}1944C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954416Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:56.545{3BF36828-401B-611D-0D00-00000000CA01}896916C:\Windows\system32\svchost.exe{3BF36828-5A86-611D-C703-00000000CA01}1944C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954415Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:23:56.545{3BF36828-401B-611D-0D00-00000000CA01}896916C:\Windows\system32\svchost.exe{3BF36828-5A86-611D-C703-00000000CA01}1944C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000047954414Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:56.545{3BF36828-401B-611D-0D00-00000000CA01}896916C:\Windows\system32\svchost.exe{3BF36828-5A86-611D-C703-00000000CA01}1944C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000047954413Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:56.529{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=064F48F282433C7DFC6A71D5C1876591,SHA256=7E6EC86FEEEA03BE45C2C486E82235711D2E8AB29A696BA86A8CDE3BA7D880CD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk 
space 23542300x800000000000000030724975Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:57.566{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B3CEACC186D2AF6A76448E741398E06,SHA256=4F65D1C4654C5AE620076830BFC3B01373D8F1E4E0BEDBA093092838AD4129E4,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724976Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:58.585{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F0C6F15EBFDC654988E5520C5DD940C5,SHA256=2E7F6BAAF80E0960CC428602B894C32321003A8A64A3B536CF45B848E77F1FA8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954428Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:58.019{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F6EC3835EC3606C71977D5F0FE0D7C44,SHA256=BA7A24829090B3B5A51C3E7420A109382A465994ACAB011A0AB1A5DC2E8EE11A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954427Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:58.019{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ABD8313B548BA8A71F8BBC5878022347,SHA256=242487EC96B4D7698586DF9648115B506834528A6466A24344B9B7129FFFDA06,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724977Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:23:59.600{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB243EEB266810B3B8CB5B0C52955B0E,SHA256=B0F210E955A36E0297122B9F8F773EF3689E696B79FC0B9322DFC932666728E0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954430Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:59.160{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FA66FAB3BFD390F8C5C1532DC0472847,SHA256=39C0663A26B621E1ACA556853A6F66C84BADC16E5F3C18B7E7270136199D4587,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954429Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:59.019{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0278E11060F34B65F71FC5925CA5AF5F,SHA256=8CD8BE5C5559B585E810CFF2212E0FD663D205F8D966FC1E9EF447CAA859718E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000030724979Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:00.630{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10BF5B97C81B733914E06399EACAAF87,SHA256=B117FE007FCF0B109C292966DFA641FD5864AEDAE8947082896614B6328503C3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047954433Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:23:57.071{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53747-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047954432Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:00.175{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6952ABE46045C5FAD62C770D14AFE140,SHA256=ADBD3ED68281D6D081C38DA08BC7D028145100492307B2BC0F1F82A2B24B0D25,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954431Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:00.035{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=158DE974D24B3340B817F09F436D9539,SHA256=305851BFC7E9FD479340D529D1FD167DCA79BCAFC13E18463F0328F547725292,IMPHASH=00000000000000000000000000000000falsefalse - 
insufficient disk space 23542300x800000000000000030724978Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:00.146{B81B27B7-4012-611D-1100-00000000C801}968NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=ABC1355561EFF0E7F324FABCBFEDAD48,SHA256=EF3A6B207AF406928D294D81E3BB7D3FE2A70EC0F4453F9FDA322140E5F30CDE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030724981Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:01.645{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F21AAD689687A8735ABC0E0DF36281DD,SHA256=CD5EB2D1CC3D81DC0F96B02C87BEB8DBA8D4108CF2D05F657305211A859891A1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954435Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:01.550{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B35041961DBFD0552441467A6539D651,SHA256=55A0E9373A7CF10E9E5A885A40AD0D85810782732220C59970B26AB299AD39F8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954434Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:01.050{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2E5F73E58EFF75E04F7D36384DEB773,SHA256=14EC17D66E6A58256D8951623D0792580C47BA4812F9DC187F4257B7F061E156,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030724980Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:05.143{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58833-false10.0.1.12-8000- 23542300x800000000000000030724982Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:02.661{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2642A83E5F91D3ADE54F17FC054BC84,SHA256=26DA4B0EAE6D7E9649293683E182DACFD9844AB9D5BE033377C4E54E124D5D07,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954437Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:02.628{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EC5FED708B0C92E2EBB2C0D9E0E0DDB8,SHA256=990820EBB7A215FEBE70DD744B3D67FE1499E769927994719202CDF0AC413654,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954436Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:02.050{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E4029E1C89A7F1B503E81D2B987436C,SHA256=F027E1938102BB7F0C2E0E1B25C3B1FE620341F2B30B1D643D57AB34CF224D99,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
10341000x800000000000000030724991Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:03.861{B81B27B7-4014-611D-3000-00000000C801}31443164C:\Windows\system32\conhost.exe{B81B27B7-6373-6125-5800-01000000C801}6308C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000030724990Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:03.843{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000030724989Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:03.843{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000030724988Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:03.843{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000030724987Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:03.843{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000030724986Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:03.843{B81B27B7-4012-611D-0500-00000000C801}420436C:\Windows\system32\csrss.exe{B81B27B7-6373-6125-5800-01000000C801}6308C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000030724985Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:03.843{B81B27B7-4013-611D-2700-00000000C801}20763760C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-6373-6125-5800-01000000C801}6308C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000030724984Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:03.844{B81B27B7-6373-6125-5800-01000000C801}6308C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-4012-611D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000030724983Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:03.681{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D353B4862855A7E48970336168E35AB1,SHA256=1A7652065807B6418ED81650A22ADDFE8531610A50CE6AF69A01995E4ED6BBDD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954439Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:03.879{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E54D267BCA5D0E2BAD1D0BB097915679,SHA256=960AFC06AA97654446AD3B6F6B08BFFBA7855A8ACB7E6ABD59CB12CBEA73B07D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954438Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:03.066{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=02B88914DC04C59E5A8924C8ECF9B06D,SHA256=5B59F8CF05698E8BDA98A38FBA4EAC06AAA16F121510175F9C51DCF0C69B3452,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000030725003Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:04.852{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=96BE8E4F0127D62A515CE1ABC0B39E1E,SHA256=6095E09C36195E153FECC95B6CEEB10BD17DFB4FA5749818C54E02C2FE499A00,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000030725002Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:04.852{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8367D34B135919B047E262D8E431ECCB,SHA256=D86126728D755A06B3EB77BCE7C8651C9A09FC998C031417BD9F91F969A292BB,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
10341000x800000000000000030725001Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:04.690{B81B27B7-6374-6125-5900-01000000C801}60804132C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
23542300x800000000000000030725000Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:04.690{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30C24CE00813197835AC3943CC2B29F8,SHA256=A5D3945C95A9CC4DD4E88B9F6D09C512FDB38E52B9A586AEEFD0ACF2D73A50F5,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954440Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:04.082{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA1587CCF779A1D46968732F5CDFFEB1,SHA256=2053C5F982CD9AA0696A7252A8C0A3542A165572391D1FDA40B11BCCBCA2125F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
10341000x800000000000000030724999Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:04.553{B81B27B7-4014-611D-3000-00000000C801}31443164C:\Windows\system32\conhost.exe{B81B27B7-6374-6125-5900-01000000C801}6080C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000030724998Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:04.553{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000030724997Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:04.553{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000030724996Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:04.553{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000030724995Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:04.553{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000030724994Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:04.553{B81B27B7-4012-611D-0500-00000000C801}420436C:\Windows\system32\csrss.exe{B81B27B7-6374-6125-5900-01000000C801}6080C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f
10341000x800000000000000030724993Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:04.553{B81B27B7-4013-611D-2700-00000000C801}20763760C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-6374-6125-5900-01000000C801}6080C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
154100x800000000000000030724992Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:04.538{B81B27B7-6374-6125-5900-01000000C801}6080C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-4012-611D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service
23542300x800000000000000030725004Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:05.736{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2F1DB516D62A6C9BBF95D1C433E4AE9,SHA256=CB36ADFAE6F79724A8AB67887BBD8803803AAAACA216F3286A818FD16013EC40,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
354300x800000000000000047954444Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:01.790{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local53748-true0:0:0:0:0:0:0:1win-dc-128.attackrange.local389ldap
354300x800000000000000047954443Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:01.790{3BF36828-402C-611D-2900-00000000CA01}2928C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local53748-true0:0:0:0:0:0:0:1win-dc-128.attackrange.local389ldap
23542300x800000000000000047954442Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:05.175{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BBA203C1E2967438CAF0E396A5A6627A,SHA256=FF075B3EFF5448B615783CD18DA9F309EB0B621D087955EB99D6209D30D6ED57,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954441Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:05.097{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=365CD745D3BCC82F14B970AD9707E7BA,SHA256=51643F2018EB2192BF1DB2ED0A9432A56F9AE62101E2EC9B5D894A41E81B6D42,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000030725006Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:06.751{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB974D057753DD32DC409BB4E398642F,SHA256=B692A540058412453E8548A2F4BD7C0FB3F21A983F7AF8B94D43BBE18F2D4164,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
354300x800000000000000047954447Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:03.071{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53749-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000-
23542300x800000000000000047954446Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:06.472{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6C11691E043BFBF204026D04FC206CFF,SHA256=C73CA67BE721B88D9A810916F1730F4EACDF538FB81CEC2C0AAAB141C9539F88,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954445Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:06.144{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C0D146B6C38B4637D07D51DE79A7BCD4,SHA256=7774FE48ACB9927903740E3C09757680A3AA836FF4038A6F02AF9813BA9B158B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
354300x800000000000000030725005Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:11.132{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58834-false10.0.1.12-8000-
23542300x800000000000000030725007Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:07.769{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=42C7AE0E1E8BC9405F91859522A3AB2C,SHA256=0043C201730BC3F31E8E0F2FAAF00FF908519B00953B27F8C3E2F95723BC2A7C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954449Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:07.800{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5195FF4D0FD6045814355720D6C7AF16,SHA256=E26DE60977F9A9AEDBE961587F9B05B113D90B0D340EDA6A40CCB57DD3919200,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954448Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:07.175{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0E889F36769FB00E5F351739E9540D9,SHA256=BC6A6D3E1EDBBBDB18EB069B1E2BFCE9592A246886653E9F14CAAE67AEDA92FA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000030725008Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:08.817{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F0553D591DE6DC8DB346E01667B8E92,SHA256=D7A3C79823257DA54D6A500A07D3D0A685ED1262D35A75BAC3F6D20D2A704681,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954461Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:08.878{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1829760AFA68F76738B379CF4D9B9A5F,SHA256=DF36A28DDCD2C0962B2648B3229C9B85E2A837CF994177A396F1B953B4E07263,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
13241300x800000000000000047954460Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-08-24 21:24:08.503{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006)
13241300x800000000000000047954459Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-08-24 21:24:08.503{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x1fca3326)
13241300x800000000000000047954458Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-08-24 21:24:08.503{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d79925-0xfdc60f75)
13241300x800000000000000047954457Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-08-24 21:24:08.503{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7992e-0x5f8a7775)
13241300x800000000000000047954456Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-08-24 21:24:08.503{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d79936-0xc14edf75)
13241300x800000000000000047954455Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-08-24 21:24:08.503{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006)
13241300x800000000000000047954454Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-08-24 21:24:08.503{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x1fca3326)
13241300x800000000000000047954453Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-08-24 21:24:08.503{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d79925-0xfdc60f75)
13241300x800000000000000047954452Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-08-24 21:24:08.503{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7992e-0x5f8a7775)
13241300x800000000000000047954451Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-SetValue2021-08-24 21:24:08.503{3BF36828-4019-611D-0B00-00000000CA01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d79936-0xc14edf75)
23542300x800000000000000047954450Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:08.207{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE78159E93FA29ABF361CDF3F139F803,SHA256=2C3E833626971EED04A2B09835E1FC1E4497F995D5DA37861640998CC8C4E321,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000030725009Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:09.865{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=885434D8D25760B300EE4729B5978FD0,SHA256=48A81C871C9F65F151B964C93769539E9B29502747243D03C04E147477B9F1A0,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954462Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:09.222{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9DA7D83BAE0FD487ADA3D83946CB668,SHA256=EE0527BA8A8FFF63B2A2C54E3BD738841E1F72EA67D6B7BBE98A8B40DDB3787A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000030725010Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:10.964{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AB28430C7B6CF4044BA1E22D92BE3A0,SHA256=7822D13212CC798BA5110B2AD5F5E88D07E12FEBAEE7A8BE22F8D64E63930226,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954464Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:10.394{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F823DBAA96E02147E3408180CD9E4829,SHA256=C094700AB54ADD566F91986840A97C13143FE9273C548B82E5B1126D4E9FDA78,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954463Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:10.238{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21C7796785C54643AC97EE0B1E721DA0,SHA256=F8DBD09EC528A9F27BBC7D5207536C2BECC36850880519AD3B849FAD2990E594,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000030725011Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:11.983{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=54191361D536991455C2548FBD754BDE,SHA256=AFC16FA80908C81F03EED3D883DE54F912D72178E16BBF16567D622FC4F5CC58,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954467Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:11.519{3BF36828-402C-611D-3000-00000000CA01}2220NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=9D45E1BDB6F237A6CF51FFC6A12E6130,SHA256=87EEE278CDF62B2B86AF9CB87BDB04BAFB10272CEA175D83979B0C43158C5AB9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954466Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:11.441{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=32070149A062C26D7E94E30E5B625F96,SHA256=3D03C2BDD07739364B287CA38D53291F4CDF7AC17CFD206306B4515FDCABA77C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954465Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:11.238{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A866F93B3AE956DE3E66A46CA058048,SHA256=559AB2B3ADD27E36348F3332DBE34FC90B758DD98FBA0D2CC9D2A98D6811B6D1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
354300x800000000000000030725012Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:17.111{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58835-false10.0.1.12-8000-
23542300x800000000000000047954469Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:12.550{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=37BFCA429BAE431206D3571D845E697C,SHA256=A80551BB24BDEAF3BF394CBCF7180057D30998F537D6BBBDECD607B25856DEEA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
23542300x800000000000000047954468Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:12.285{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=00D648787C5E07C72ADA5857784459E7,SHA256=4DFB4877BB926FEF6A584BC0BFB44703999A92DBF5B09BE179C2FF39F4483C13,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space
10341000x800000000000000030725022Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:13.512{B81B27B7-637D-6125-5A00-01000000C801}35083340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000030725021Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:13.328{B81B27B7-4014-611D-3000-00000000C801}31443164C:\Windows\system32\conhost.exe{B81B27B7-637D-6125-5A00-01000000C801}3508C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000030725020Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:13.328{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000030725019Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:13.328{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000030725018Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:13.328{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781
10341000x800000000000000030725017Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:24:13.328{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725016Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:13.328{B81B27B7-4012-611D-0500-00000000C801}420536C:\Windows\system32\csrss.exe{B81B27B7-637D-6125-5A00-01000000C801}3508C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030725015Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:13.328{B81B27B7-4013-611D-2700-00000000C801}20763760C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-637D-6125-5A00-01000000C801}3508C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030725014Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:13.313{B81B27B7-637D-6125-5A00-01000000C801}3508C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-4012-611D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000030725013Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:13.062{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B487CA1F36273AD9F484772C69E007C,SHA256=0F9F2BA782E7DE3017E5CCDE25001927F104E19FD8ED51F078114A39CC700DE3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954473Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 
21:24:13.832{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=06DCC9B469F7FD1A7999F6EE8C385AB3,SHA256=29190E018F7E7E63C6D22BC518299C4349AD99E4B104AF23B940380CB7777FF9,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954472Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:13.316{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B961E580B5132A27111F3F4434EB76B,SHA256=140BDBDB39680866DD3BEEBF0191F1DB4E67FEB387F70BA7F5A50171C7B30EE7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000047954471Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:09.352{3BF36828-402C-611D-3000-00000000CA01}2220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53751-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8089- 354300x800000000000000047954470Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:08.946{3BF36828-4037-611D-7100-00000000CA01}4948C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local53750-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000047954474Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:14.332{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26DA06B3B52C6BDCB00C6B2D0F8C9B4F,SHA256=5FE68F0C6632C8EBBB288CC3B6FA49C8E23BCA0EE2C3161192F4A170FFA883C3,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725033Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:14.395{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=827C662D462F33B3F6EFF1389B581F68,SHA256=042393744E87C8E5A91AB5A1C1B9E5A09DD8AB7BD403E0F44AA6C72D4E598718,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725032Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:14.395{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=96BE8E4F0127D62A515CE1ABC0B39E1E,SHA256=6095E09C36195E153FECC95B6CEEB10BD17DFB4FA5749818C54E02C2FE499A00,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725031Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:14.096{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CBA87E47F065A00F198134497807C3ED,SHA256=52F5F5FCDE3584A51693464C80A2BAFDAE928CBA16229FA8C7F19F7B5CCFD45A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000030725030Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:24:14.027{B81B27B7-4014-611D-3000-00000000C801}31443164C:\Windows\system32\conhost.exe{B81B27B7-637E-6125-5B00-01000000C801}4576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725029Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:14.027{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725028Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:24:14.027{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725027Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:14.027{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725026Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 
21:24:14.027{B81B27B7-4012-611D-0C00-00000000C801}7322056C:\Windows\system32\svchost.exe{B81B27B7-4013-611D-2500-00000000C801}1820C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000030725025Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:14.027{B81B27B7-4012-611D-0500-00000000C801}420984C:\Windows\system32\csrss.exe{B81B27B7-637E-6125-5B00-01000000C801}4576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000030725024Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:14.027{B81B27B7-4013-611D-2700-00000000C801}20763760C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-637E-6125-5B00-01000000C801}4576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000030725023Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:14.012{B81B27B7-637E-6125-5B00-01000000C801}4576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-4012-611D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{B81B27B7-4013-611D-2700-00000000C801}2076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000047954476Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:15.347{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=301ED026197F0A36492AD9FCE552A22A,SHA256=E01B5735EC5A8F35EE2EA57B19B114082B5DD911DD0A3042F2162E71B8FBACBA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x800000000000000030725034Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:15.126{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF4A87C06FADD4794DB0FF5845708DA0,SHA256=683C8DF13CDBFB93667CAB28A9B4E07934F7DFEBB8C89574789371E95DACF188,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954475Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:15.222{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1CEEFB4B25E5935BFA04E35E6B095A4C,SHA256=9A53F639FA963AD8563F9EB505BD239FF3194E5EB804CD72C5A66D2B38926286,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954478Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:16.465{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=008435A298B25912BCAC4B1DA8B6F69B,SHA256=914E5E250373AF47CEE23A23EC0DB852B9FDD375BCAA1585DCF279F1077DC6DF,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000047954477Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2021-08-24 21:24:16.356{3BF36828-403F-611D-7A00-00000000CA01}4252NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=266962D53A0780868A19D218788A58B0,SHA256=BF86F3C82EA74E772ED59FD2496B65C6B3B0A1AA3C8585102CF95A1C20B36DC7,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000030725035Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:16.158{B81B27B7-4024-611D-7300-00000000C801}2188NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=73D2626DDD87FE6B371E6EDF162C7BBF,SHA256=B7444CDB5CDCD6F76DCB36778C4BF765F6A29F3D1F0270D66AA469DBB9399776,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000030725037Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:22.183{B81B27B7-401D-611D-6900-00000000C801}3616C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local58836-false10.0.1.12-8000- 23542300x800000000000000030725036Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2021-08-24 21:24:17.177{B81B27B7-4024-611D-7300-00000000C801}