4634001254500x8020000000000000390751Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x93daed3 4624201254400x8020000000000000390750Securitywin-dc-mvelazco-02713-392.attackrange.localNULL SID--0x0NT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE.LOCAL0x93daed3KerberosKerberos-{4A28A97B-7900-281B-A54E-795C3794DEBE}--00x0-::162074%%1833---%%18430x0%%1842 4672001254800x8020000000000000390749Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x93daedSeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 4688201331200x8020000000000000390752Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x1128C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390754Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70xb04C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390753Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70xc2cC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390755Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x828C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390757Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70xcf0C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390756Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70xd9cC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390758Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x1058C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333651Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1310C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333650Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x774C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333652Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xac4C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333653Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1298C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333654Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x3ecC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333655Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x10d0C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333656Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1574C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333657Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x11c8C:\Windows\System32\backgroundTaskHost.exe%%19380x2f0"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mcaATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2C:\Windows\System32\svchost.exeMandatory Label\Low Mandatory Level 4634001254500x8020000000000000390761Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x94190f3 4624201254400x8020000000000000390760Securitywin-dc-mvelazco-02713-392.attackrange.localNULL SID--0x0NT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE.LOCAL0x94190f3KerberosKerberos-{4A28A97B-7900-281B-A54E-795C3794DEBE}--00x0-::162087%%1833---%%18430x0%%1842 4672001254800x8020000000000000390759Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x94190fSeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 4688201331200x8020000000000000333658Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f20xf8cC:\Tools\PurpleSharp\PurpleSharp.exe%%19380x11d0PurpleSharp.exe /pb pb.jsonNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\Medium Mandatory Level 4688201331200x8020000000000000333662Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1018C:\Windows\System32\svchost.exe%%19360x27cC:\Windows\System32\svchost.exe -k WerSvcGroupNULL SID--0x0C:\Windows\System32\services.exeMandatory Label\System Mandatory Level 4672001254800x8020000000000000333661Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMSYSTEMNT AUTHORITY0x3e7SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege 4624201254400x8020000000000000333660Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e7NT AUTHORITY\SYSTEMSYSTEMNT AUTHORITY0x3e75Advapi Negotiate-{00000000-0000-0000-0000-000000000000}--00x27cC:\Windows\System32\services.exe--%%1833---%%18430x0%%1842 4688201331200x8020000000000000333659Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f20x7b8C:\Tools\PurpleSharp\PurpleSharp.exe%%19380xf8cPurpleSharp.exe /pb pb.jsonNULL SID--0x0C:\Tools\PurpleSharp\PurpleSharp.exeMandatory Label\Medium Mandatory Level 4688201331200x8020000000000000333663Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x42cC:\Windows\System32\WerFault.exe%%19380xf8cC:\Windows\system32\WerFault.exe -u -p 3980 -s 812ATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2C:\Tools\PurpleSharp\PurpleSharp.exeMandatory Label\Medium Mandatory Level 4688201331200x8020000000000000390762Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x4f4C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390764Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x13b4C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390763Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x1160C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390765Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x568C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390767Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x1030C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390766Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x1338C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333664Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x13fcC:\Windows\System32\dllhost.exe%%19380x2f0C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}ATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2C:\Windows\System32\svchost.exeMandatory Label\Medium Mandatory Level 4688201331200x8020000000000000333665Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x15f8C:\Windows\System32\consent.exe%%19360x4a4consent.exe 1188 272 0000024BC97E3D30NULL SID--0x0C:\Windows\System32\svchost.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333667Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x12e4C:\Windows\System32\dllhost.exe%%19370x2f0C:\Windows\system32\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}ATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360acC:\Windows\System32\svchost.exeMandatory Label\High Mandatory Level 4688201331200x8020000000000000333666Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x13e0C:\Windows\System32\dllhost.exe%%19360x2f0C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}NULL SID--0x0C:\Windows\System32\svchost.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390768Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x1090C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333668Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f20x77cC:\Tools\PurpleSharp\PurpleSharp.exe%%19380x11d0PurpleSharp.exe /pb pb.jsonNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\Medium Mandatory Level 4625001254400x8010000000000000333679Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDMELANIE_ANTHONYattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333678Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDJENNY_KENNEDYattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333677Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDJUANA_LUCASattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333676Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDJENNY_ALFORDattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333675Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDALFREDA_ZIMMERMANattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333674Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDGRETA_VANGattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333673Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDRUFUS_KIDDattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333672Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDKENT_DIXONattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333671Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDOLGA_CHAPMANattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333670Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDMARC_DENNISattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333669Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDTHAD_SOSAattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4624201254400x8020000000000000390775Securitywin-dc-mvelazco-02713-392.attackrange.localNULL SID--0x0ATTACKRANGE\REED_LARSENREED_LARSENATTACKRANGE.LOCAL0x9444e53KerberosKerberos-{2E06DF0B-F6BF-E200-FB44-855A936A9FBF}--00x0-10.0.1.1562760%%1833---%%18430x0%%1842 4624201254400x8020000000000000390774Securitywin-dc-mvelazco-02713-392.attackrange.localNULL SID--0x0ATTACKRANGE\REED_LARSENREED_LARSENATTACKRANGE.LOCAL0x9444d33KerberosKerberos-{2E06DF0B-F6BF-E200-FB44-855A936A9FBF}--00x0-10.0.1.1562759%%1833---%%18430x0%%1842 4624201254400x8020000000000000390773Securitywin-dc-mvelazco-02713-392.attackrange.localNULL SID--0x0ATTACKRANGE\REED_LARSENREED_LARSENATTACKRANGE.LOCAL0x9444c13KerberosKerberos-{2E06DF0B-F6BF-E200-FB44-855A936A9FBF}--00x0-10.0.1.1562758%%1833---%%18430x0%%1842 4634001254500x8020000000000000390772Securitywin-dc-mvelazco-02713-392.attackrange.localATTACKRANGE\REED_LARSENREED_LARSENATTACKRANGE0x9444aa3 4624201254400x8020000000000000390771Securitywin-dc-mvelazco-02713-392.attackrange.localNULL SID--0x0ATTACKRANGE\REED_LARSENREED_LARSENATTACKRANGE.LOCAL0x9444aa3KerberosKerberos-{2E06DF0B-F6BF-E200-FB44-855A936A9FBF}--00x0-10.0.1.1562754%%1833---%%18430x0%%1842 4769001433700x8020000000000000390770Securitywin-dc-mvelazco-02713-392.attackrange.localREED_LARSEN@ATTACKRANGE.LOCALATTACKRANGE.LOCALWIN-DC-MVELAZCO$ATTACKRANGE\WIN-DC-MVELAZCO$0x408100000x12::ffff:10.0.1.15627570x0{01A1BF30-9CDF-3CE0-BDFD-67163247495B}- 4768001433900x8020000000000000390769Securitywin-dc-mvelazco-02713-392.attackrange.localREED_LARSENATTACKRANGE.LOCALATTACKRANGE\REED_LARSENkrbtgtATTACKRANGE\krbtgt0x408100100x00x122::ffff:10.0.1.1562756 4625001254400x8010000000000000333718Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDMARLENE_GRAVESattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333717Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDFAY_GLOVERattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333716Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDERNEST_WASHINGTONattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333715Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SID2235889183SAattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333714Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDJEAN_BENJAMINattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333713Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDCLARENCE_BENDERattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333712Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDJIMMY_HORTONattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333711Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SID479341857SAattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333710Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDMARCELO_ARMSTRONGattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333709Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SID6162001069SAattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333708Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDLORENE_HOLCOMBattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333707Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDSASHA_HOLTattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333706Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDFRANCINE_SIMPSONattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333705Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDCONNIE_MEADOWSattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333704Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDJAYSON_PENAattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333703Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDEVA_STONEattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333702Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDQUINTON_WOLFattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333701Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDHAL_FRAZIERattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333700Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDABIGAIL_MCDOWELLattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333699Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDLARA_MCKEEattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333698Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDJOEL_SNIDERattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333697Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDANNIE_HENDRICKSattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333696Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDSAUL_YOUNGattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333695Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDLEMUEL_HOLDERattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333694Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDNADINE_HOPKINSattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333693Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDJESSIE_STEPHENSattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333692Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDROSS_JACKSONattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333691Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDAVERY_MENDEZattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333690Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDFRANCISCA_RODRIQUEZattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333689Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDTRISTAN_CAMPBELLattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333688Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDMAE_COLEMANattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333687Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDMARYANNE_SWEETattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333686Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDPRINCE_MCGEEattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333685Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDMYRNA_CHERRYattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333684Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDELMO_PETERSattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333683Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDIMOGENE_BURTattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333682Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDTAD_MCMAHONattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333681Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDCEDRIC_CLAYattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000333680Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDJANNA_GALLOWAYattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x77cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4634001254500x8020000000000000390778Securitywin-dc-mvelazco-02713-392.attackrange.localATTACKRANGE\REED_LARSENREED_LARSENATTACKRANGE0x9444e53 4634001254500x8020000000000000390777Securitywin-dc-mvelazco-02713-392.attackrange.localATTACKRANGE\REED_LARSENREED_LARSENATTACKRANGE0x9444d33 4634001254500x8020000000000000390776Securitywin-dc-mvelazco-02713-392.attackrange.localATTACKRANGE\REED_LARSENREED_LARSENATTACKRANGE0x9444c13 4688201331200x8020000000000000333720Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1764C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333719Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x13c0C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333721Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x15b0C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333722Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x830C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333723Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x17a0C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333724Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x214C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333725Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x208C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4634001254500x8020000000000000390781Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x9457933 4624201254400x8020000000000000390780Securitywin-dc-mvelazco-02713-392.attackrange.localNULL SID--0x0NT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE.LOCAL0x9457933KerberosKerberos-{4A28A97B-7900-281B-A54E-795C3794DEBE}--00x0-::162100%%1833---%%18430x0%%1842 4672001254800x8020000000000000390779Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x945793SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 4688201331200x8020000000000000390782Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x1008C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390784Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x2b4C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390783Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x12b0C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390785Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x13e0C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390787Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x1044C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390786Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x208C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390788Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x100cC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333727Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x9b8C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333726Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x7b0C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333728Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xf08C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333729Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1120C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333730Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1128C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333731Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x780C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4624201254400x8020000000000000390790Securitywin-dc-mvelazco-02713-392.attackrange.localNULL SID--0x0NT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE.LOCAL0x94911c3KerberosKerberos-{05B59C8B-C60F-D489-372A-746E4BA3F69B}--00x0-10.0.1.1462110%%1840---%%18430x0%%1842 4672001254800x8020000000000000390789Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x94911cSeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 4688201331200x8020000000000000333732Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x11b8C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4634001254500x8020000000000000390791Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x94911c3 4634001254500x8020000000000000390794Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x9497043 4624201254400x8020000000000000390793Securitywin-dc-mvelazco-02713-392.attackrange.localNULL SID--0x0NT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE.LOCAL0x9497043KerberosKerberos-{4A28A97B-7900-281B-A54E-795C3794DEBE}--00x0-::162113%%1833---%%18430x0%%1842 4672001254800x8020000000000000390792Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x949704SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 4688201331200x8020000000000000390795Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x1384C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390797Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70xf20C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390796Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70xdb8C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390798Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70xf54C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390800Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70xeb8C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390799Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x1014C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390801Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x864C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333734Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x7b4C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333733Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1214C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333735Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x3e4C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4634001254500x8020000000000000390812Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x94cbce3 4634001254500x8020000000000000390811Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x94ccde3 4634001254500x8020000000000000390810Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x94cd2e3 4624201254400x8020000000000000390809Securitywin-dc-mvelazco-02713-392.attackrange.localNULL SID--0x0NT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE.LOCAL0x94cda23KerberosKerberos-{40E3BE2E-6457-C37D-05F8-733361E36484}--00x0-fe80::ac51:1fb3:8580:881862123%%1840---%%18430x0%%1842 4672001254800x8020000000000000390808Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x94cda2SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 4624201254400x8020000000000000390807Securitywin-dc-mvelazco-02713-392.attackrange.localNULL SID--0x0NT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE.LOCAL0x94cd2e3KerberosKerberos-{35E5D5CB-D729-D3B3-D4BD-B12763FEF9C1}--00x0-10.0.1.1462122%%1833---%%18430x0%%1842 4672001254800x8020000000000000390806Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x94cd2eSeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 4624201254400x8020000000000000390805Securitywin-dc-mvelazco-02713-392.attackrange.localNULL SID--0x0NT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE.LOCAL0x94ccde3KerberosKerberos-{40E3BE2E-6457-C37D-05F8-733361E36484}--00x0-::10%%1833---%%18430x0%%1842 4672001254800x8020000000000000390804Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x94ccdeSeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 4624201254400x8020000000000000390803Securitywin-dc-mvelazco-02713-392.attackrange.localNULL SID--0x0NT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE.LOCAL0x94cbce3KerberosKerberos-{35E5D5CB-D729-D3B3-D4BD-B12763FEF9C1}--00x0-fe80::ac51:1fb3:8580:881862121%%1833---%%18430x0%%1842 4672001254800x8020000000000000390802Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x94cbceSeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 4688201331200x8020000000000000333736Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x674C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333738Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xd70C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333737Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x12b0C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333739Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xba0C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4634001254500x8020000000000000390813Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x94cda23 4624201254400x8020000000000000390814Securitywin-dc-mvelazco-02713-392.attackrange.localNULL SID--0x0ATTACKRANGE\WIN-HOST-MVELAZ$WIN-HOST-MVELAZ$ATTACKRANGE.LOCAL0x94d7413KerberosKerberos-{7C99C434-C3E8-547A-0BD4-7995B8CC214D}--00x0-10.0.1.1562792%%1840---%%18430x0%%1842 4634001254500x8020000000000000390817Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x94db243 4624201254400x8020000000000000390816Securitywin-dc-mvelazco-02713-392.attackrange.localNULL SID--0x0NT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE.LOCAL0x94db243KerberosKerberos-{4A28A97B-7900-281B-A54E-795C3794DEBE}--00x0-::162129%%1833---%%18430x0%%1842 4672001254800x8020000000000000390815Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x94db24SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 4634001254500x8020000000000000390818Securitywin-dc-mvelazco-02713-392.attackrange.localATTACKRANGE\WIN-HOST-MVELAZ$WIN-HOST-MVELAZ$ATTACKRANGE0x94d7413 4634001254500x8020000000000000390824Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x94e1743 4624201254400x8020000000000000390823Securitywin-dc-mvelazco-02713-392.attackrange.localNULL SID--0x0NT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE.LOCAL0x94e1743KerberosKerberos-{8B0547C5-7D4C-191C-BFF3-5A9E4B3F8AE0}--00x0-10.0.1.1462134%%1833---%%18430x0%%1842 4672001254800x8020000000000000390822Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x94e174SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 4634001254500x8020000000000000390821Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x94e0a23 4624201254400x8020000000000000390820Securitywin-dc-mvelazco-02713-392.attackrange.localNULL SID--0x0NT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE.LOCAL0x94e0a23KerberosKerberos-{8B0547C5-7D4C-191C-BFF3-5A9E4B3F8AE0}--00x0-10.0.1.1462133%%1833---%%18430x0%%1842 4672001254800x8020000000000000390819Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x94e0a2SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 4688201331200x8020000000000000390825Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x3dcC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390826Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x170C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390828Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70xab8C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390827Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x1108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390830Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x820C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390829Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x754C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390831Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x1124C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333741Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1310C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333740Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x109cC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333742Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x14ccC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333743Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1298C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333745Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1594C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333744Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x3c8C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333746Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1518C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4634001254500x8020000000000000390834Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x951b583 4624201254400x8020000000000000390833Securitywin-dc-mvelazco-02713-392.attackrange.localNULL SID--0x0NT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE.LOCAL0x951b583KerberosKerberos-{4A28A97B-7900-281B-A54E-795C3794DEBE}--00x0-::162145%%1833---%%18430x0%%1842 4672001254800x8020000000000000390832Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x951b58SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 4688201331200x8020000000000000390835Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x1194C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390836Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70xacC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390838Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x1298C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390837Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x11e8C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390840Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x81cC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390839Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x13e4C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390841Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x10b4C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333748Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x9acC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333747Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x120cC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333749Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1004C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333750Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x14f4C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333752Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x294C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333751Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x8C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333753Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x2ccC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4634001254500x8020000000000000390844Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x95596c3 4624201254400x8020000000000000390843Securitywin-dc-mvelazco-02713-392.attackrange.localNULL SID--0x0NT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE.LOCAL0x95596c3KerberosKerberos-{4A28A97B-7900-281B-A54E-795C3794DEBE}--00x0-::162158%%1833---%%18430x0%%1842 4672001254800x8020000000000000390842Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x95596cSeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 4688201331200x8020000000000000390845Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x115cC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390846Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x11a8C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390848Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x8f8C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390847Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70xbc4C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390849Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x133cC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390850Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x114cC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000390851Securitywin-dc-mvelazco-02713-392.attackrange.localNT AUTHORITY\SYSTEMWIN-DC-MVELAZCO$ATTACKRANGE0x3e70x117cC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe%%19360xa50"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333755Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xb78C:\Windows\System32\dllhost.exe%%19380x2f0C:\Windows\system32\DllHost.exe /Processid:{49F6E667-6658-4BD1-9DE9-6AF87F9FAF85}ATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2C:\Windows\System32\svchost.exeMandatory Label\Medium Mandatory Level 4688201331200x8020000000000000333754Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1608C:\Windows\System32\dllhost.exe%%19380x2f0C:\Windows\system32\DllHost.exe /Processid:{DC4537C3-CA73-4AC7-9E1D-B2CE27C3A7A6}ATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2C:\Windows\System32\svchost.exeMandatory Label\Medium Mandatory Level 4688201331200x8020000000000000333756Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xbd0C:\Windows\System32\backgroundTaskHost.exe%%19380x2f0"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mcaATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2C:\Windows\System32\svchost.exeMandatory Label\Low Mandatory Level 4625001254400x8010000000000000333757Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDtest123ATTACKRANGE0xc000006d%%23130xc00000642seclogoNegotiateWIN-HOST-MVELAZ--00x4a4C:\Windows\System32\svchost.exe::10 4688201331200x8020000000000000333759Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x12f8C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333758Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x54cC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333760Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333761Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xfd0C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333763Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x15e4C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333762Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xb14C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000333764Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x17b8C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level