4688201331200x8020000000000000334687Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x2f8C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334689Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x338C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334688Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x11d8C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334690Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x17ccC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334692Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x9c8C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334691Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x10e4C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334693Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xd3cC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334694Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1448C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334696Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x3f0C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334695Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x878C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334697Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x14e8C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334699Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xab8C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334698Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x9ecC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334700Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1244C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334701Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xce0C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334703Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xfd4C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334702Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xfb4C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334704Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x15d0C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334706Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x151cC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334705Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x15f8C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334707Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x7ccC:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334708Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x370C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334710Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1710C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334709Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x142cC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334711Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334713Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x13f4C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334712Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x15acC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334714Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x17b8C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334715Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xcc8C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334717Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xc7cC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334716Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xaa8C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334718Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f20x250C:\Windows\System32\klist.exe%%19380x314klistNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\Medium Mandatory Level 4688201331200x8020000000000000334719Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f20xf4cC:\Tools\PurpleSharp\PurpleSharp.exe%%19380x314PurpleSharp.exe /pb pb.jsonNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\Medium Mandatory Level 4771001433900x8010000000000000391470Securitywin-dc-mvelazco-02713-392.attackrange.localBOBBIE_BURTONATTACKRANGE\BOBBIE_BURTONkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564043 4771001433900x8010000000000000391469Securitywin-dc-mvelazco-02713-392.attackrange.localJOSE_POPEATTACKRANGE\JOSE_POPEkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564041 4771001433900x8010000000000000391468Securitywin-dc-mvelazco-02713-392.attackrange.localLARA_MCKEEATTACKRANGE\LARA_MCKEEkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564039 4771001433900x8010000000000000391467Securitywin-dc-mvelazco-02713-392.attackrange.localGUSTAVO_PATEATTACKRANGE\GUSTAVO_PATEkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564037 4768001433900x8020000000000000391466Securitywin-dc-mvelazco-02713-392.attackrange.localBOOKER_KNOXattackrange.localATTACKRANGE\BOOKER_KNOXkrbtgtATTACKRANGE\krbtgt0x408100100x00x120::ffff:10.0.1.1564035 4771001433900x8010000000000000391465Securitywin-dc-mvelazco-02713-392.attackrange.localDENNIS_MOLINAATTACKRANGE\DENNIS_MOLINAkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564034 4771001433900x8010000000000000391464Securitywin-dc-mvelazco-02713-392.attackrange.localGAIL_GUERRAATTACKRANGE\GAIL_GUERRAkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564032 4771001433900x8010000000000000391463Securitywin-dc-mvelazco-02713-392.attackrange.localERNEST_WASHINGTONATTACKRANGE\ERNEST_WASHINGTONkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564030 4771001433900x8010000000000000391462Securitywin-dc-mvelazco-02713-392.attackrange.localADA_MORALESATTACKRANGE\ADA_MORALESkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564028 4771001433900x8010000000000000391461Securitywin-dc-mvelazco-02713-392.attackrange.localROLLAND_BRIDGESATTACKRANGE\ROLLAND_BRIDGESkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564026 4771001433900x8010000000000000391460Securitywin-dc-mvelazco-02713-392.attackrange.localKATHRYN_GATESATTACKRANGE\KATHRYN_GATESkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564024 4771001433900x8010000000000000391459Securitywin-dc-mvelazco-02713-392.attackrange.localRAUL_CHANGATTACKRANGE\RAUL_CHANGkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564022 4625001254400x8010000000000000334732Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDBOBBIE_BURTONattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334731Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDJOSE_POPEattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334730Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDLARA_MCKEEattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334729Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDGUSTAVO_PATEattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334728Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDBOOKER_KNOXattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334727Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDDENNIS_MOLINAattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334726Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDGAIL_GUERRAattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334725Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDERNEST_WASHINGTONattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334724Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDADA_MORALESattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334723Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDROLLAND_BRIDGESattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334722Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDKATHRYN_GATESattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334721Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDRAUL_CHANGattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4688201331200x8020000000000000334720Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x6c4C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4625001254400x8010000000000000334772Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDCHARLEY_TALLEYattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334771Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDHERMINIA_MORINattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334770Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDMARC_SWEENEYattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334769Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDVICKIE_LAMBERTattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334768Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDRODNEY_MCPHERSONattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334767Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDSASHA_HOLTattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334766Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDDOLORES_NEWTONattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334765Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDLETITIA_BRADSHAWattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334764Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDEDGARDO_SAWYERattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4688201331200x8020000000000000334763Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x15d8C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4625001254400x8010000000000000334762Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDJESS_ARMSTRONGattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334761Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDDALE_STANLEYattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334760Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDLEON_CASHattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334759Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDSONNY_MCKNIGHTattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334758Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDAUBREY_DIAZattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334757Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDAUGUST_KENNEDYattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4771001433900x8010000000000000391508Securitywin-dc-mvelazco-02713-392.attackrange.localCHARLEY_TALLEYATTACKRANGE\CHARLEY_TALLEYkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564117 4771001433900x8010000000000000391507Securitywin-dc-mvelazco-02713-392.attackrange.localHERMINIA_MORINATTACKRANGE\HERMINIA_MORINkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564115 4771001433900x8010000000000000391506Securitywin-dc-mvelazco-02713-392.attackrange.localMARC_SWEENEYATTACKRANGE\MARC_SWEENEYkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564113 4771001433900x8010000000000000391505Securitywin-dc-mvelazco-02713-392.attackrange.localVICKIE_LAMBERTATTACKRANGE\VICKIE_LAMBERTkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564111 4771001433900x8010000000000000391504Securitywin-dc-mvelazco-02713-392.attackrange.localRODNEY_MCPHERSONATTACKRANGE\RODNEY_MCPHERSONkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564109 4771001433900x8010000000000000391503Securitywin-dc-mvelazco-02713-392.attackrange.localSASHA_HOLTATTACKRANGE\SASHA_HOLTkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564107 4771001433900x8010000000000000391502Securitywin-dc-mvelazco-02713-392.attackrange.localDOLORES_NEWTONATTACKRANGE\DOLORES_NEWTONkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564105 4771001433900x8010000000000000391501Securitywin-dc-mvelazco-02713-392.attackrange.localLETITIA_BRADSHAWATTACKRANGE\LETITIA_BRADSHAWkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564103 4771001433900x8010000000000000391500Securitywin-dc-mvelazco-02713-392.attackrange.localEDGARDO_SAWYERATTACKRANGE\EDGARDO_SAWYERkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564101 4771001433900x8010000000000000391499Securitywin-dc-mvelazco-02713-392.attackrange.localJESS_ARMSTRONGATTACKRANGE\JESS_ARMSTRONGkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564099 4771001433900x8010000000000000391498Securitywin-dc-mvelazco-02713-392.attackrange.localDALE_STANLEYATTACKRANGE\DALE_STANLEYkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564097 4771001433900x8010000000000000391497Securitywin-dc-mvelazco-02713-392.attackrange.localLEON_CASHATTACKRANGE\LEON_CASHkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564095 4771001433900x8010000000000000391496Securitywin-dc-mvelazco-02713-392.attackrange.localSONNY_MCKNIGHTATTACKRANGE\SONNY_MCKNIGHTkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564093 4771001433900x8010000000000000391495Securitywin-dc-mvelazco-02713-392.attackrange.localAUBREY_DIAZATTACKRANGE\AUBREY_DIAZkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564091 4771001433900x8010000000000000391494Securitywin-dc-mvelazco-02713-392.attackrange.localAUGUST_KENNEDYATTACKRANGE\AUGUST_KENNEDYkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564089 4771001433900x8010000000000000391493Securitywin-dc-mvelazco-02713-392.attackrange.localBENNETT_BASSATTACKRANGE\BENNETT_BASSkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564087 4771001433900x8010000000000000391492Securitywin-dc-mvelazco-02713-392.attackrange.localMYRTLE_TRANATTACKRANGE\MYRTLE_TRANkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564085 4771001433900x8010000000000000391491Securitywin-dc-mvelazco-02713-392.attackrange.localJAN_PARSONSATTACKRANGE\JAN_PARSONSkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564083 4771001433900x8010000000000000391490Securitywin-dc-mvelazco-02713-392.attackrange.localWILFRED_DOTSONATTACKRANGE\WILFRED_DOTSONkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564081 4771001433900x8010000000000000391489Securitywin-dc-mvelazco-02713-392.attackrange.localJANET_PARKSATTACKRANGE\JANET_PARKSkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564079 4771001433900x8010000000000000391488Securitywin-dc-mvelazco-02713-392.attackrange.local2074370172SAATTACKRANGE\2074370172SAkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564077 4771001433900x8010000000000000391487Securitywin-dc-mvelazco-02713-392.attackrange.localGRETA_VANGATTACKRANGE\GRETA_VANGkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564075 4771001433900x8010000000000000391486Securitywin-dc-mvelazco-02713-392.attackrange.localJON_CLEMONSATTACKRANGE\JON_CLEMONSkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564073 4771001433900x8010000000000000391485Securitywin-dc-mvelazco-02713-392.attackrange.localBOBBIE_KEMPATTACKRANGE\BOBBIE_KEMPkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564071 4771001433900x8010000000000000391484Securitywin-dc-mvelazco-02713-392.attackrange.localZACHARY_SANFORDATTACKRANGE\ZACHARY_SANFORDkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564069 4771001433900x8010000000000000391483Securitywin-dc-mvelazco-02713-392.attackrange.localCHERYL_GAMBLEATTACKRANGE\CHERYL_GAMBLEkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564067 4771001433900x8010000000000000391482Securitywin-dc-mvelazco-02713-392.attackrange.localSYLVESTER_HAWKINSATTACKRANGE\SYLVESTER_HAWKINSkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564065 4771001433900x8010000000000000391481Securitywin-dc-mvelazco-02713-392.attackrange.localJARRED_COLLIERATTACKRANGE\JARRED_COLLIERkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564063 4771001433900x8010000000000000391480Securitywin-dc-mvelazco-02713-392.attackrange.localPHILIP_HUFFMANATTACKRANGE\PHILIP_HUFFMANkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564061 4768001433900x8020000000000000391479Securitywin-dc-mvelazco-02713-392.attackrange.localCONNIE_MEADOWSattackrange.localATTACKRANGE\CONNIE_MEADOWSkrbtgtATTACKRANGE\krbtgt0x408100100x00x120::ffff:10.0.1.1564059 4771001433900x8010000000000000391478Securitywin-dc-mvelazco-02713-392.attackrange.localCAROLE_MIRANDAATTACKRANGE\CAROLE_MIRANDAkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564058 4771001433900x8010000000000000391477Securitywin-dc-mvelazco-02713-392.attackrange.localANGELA_ASHLEYATTACKRANGE\ANGELA_ASHLEYkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564056 4771001433900x8010000000000000391476Securitywin-dc-mvelazco-02713-392.attackrange.localBRET_MORALESATTACKRANGE\BRET_MORALESkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564054 4771001433900x8010000000000000391475Securitywin-dc-mvelazco-02713-392.attackrange.localRUDOLPH_HOLDERATTACKRANGE\RUDOLPH_HOLDERkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564052 4771001433900x8010000000000000391474Securitywin-dc-mvelazco-02713-392.attackrange.localVALERIE_ARMSTRONGATTACKRANGE\VALERIE_ARMSTRONGkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564050 4768001433900x8020000000000000391473Securitywin-dc-mvelazco-02713-392.attackrange.localSHERRIE_MAYattackrange.localATTACKRANGE\SHERRIE_MAYkrbtgtATTACKRANGE\krbtgt0x408100100x00x120::ffff:10.0.1.1564048 4771001433900x8010000000000000391472Securitywin-dc-mvelazco-02713-392.attackrange.localJOHNATHON_STRONGATTACKRANGE\JOHNATHON_STRONGkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564047 4771001433900x8010000000000000391471Securitywin-dc-mvelazco-02713-392.attackrange.localQUINTON_WOLFATTACKRANGE\QUINTON_WOLFkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564045 4625001254400x8010000000000000334756Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDBENNETT_BASSattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334755Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDMYRTLE_TRANattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334754Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDJAN_PARSONSattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334753Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDWILFRED_DOTSONattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334752Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDJANET_PARKSattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334751Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SID2074370172SAattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334750Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDGRETA_VANGattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334749Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDJON_CLEMONSattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334748Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDBOBBIE_KEMPattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334747Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDZACHARY_SANFORDattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334746Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDCHERYL_GAMBLEattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334745Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDSYLVESTER_HAWKINSattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334744Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDJARRED_COLLIERattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334743Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDPHILIP_HUFFMANattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334742Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDCONNIE_MEADOWSattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4688201331200x8020000000000000334741Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x14ecC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4625001254400x8010000000000000334740Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDCAROLE_MIRANDAattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334739Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDANGELA_ASHLEYattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334738Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDBRET_MORALESattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334737Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDRUDOLPH_HOLDERattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334736Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDVALERIE_ARMSTRONGattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334735Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDSHERRIE_MAYattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334734Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDJOHNATHON_STRONGattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334733Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDQUINTON_WOLFattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00xf4cC:\Tools\PurpleSharp\PurpleSharp.exe-- 4688201331200x8020000000000000334773Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1338C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334774Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f20x10a8C:\Tools\PurpleSharp\PurpleSharp.exe%%19380x314PurpleSharp.exe /pb pb.jsonNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\Medium Mandatory Level 4771001433900x8010000000000000391511Securitywin-dc-mvelazco-02713-392.attackrange.localALLISON_WATERSATTACKRANGE\ALLISON_WATERSkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564134 4771001433900x8010000000000000391510Securitywin-dc-mvelazco-02713-392.attackrange.localANNIE_HENDRICKSATTACKRANGE\ANNIE_HENDRICKSkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564132 4771001433900x8010000000000000391509Securitywin-dc-mvelazco-02713-392.attackrange.localKARLA_MERCERATTACKRANGE\KARLA_MERCERkrbtgt/attackrange.local0x408100100x182::ffff:10.0.1.1564130 4625001254400x8010000000000000334777Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDALLISON_WATERSattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00x10a8C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334776Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDANNIE_HENDRICKSattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00x10a8C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334775Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDKARLA_MERCERattackrange.local0xc000006d%%23130xc000006a2Advapi NegotiateWIN-HOST-MVELAZ--00x10a8C:\Tools\PurpleSharp\PurpleSharp.exe-- 4688201331200x8020000000000000334778Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x3f4C:\Windows\System32\taskhostw.exe%%19380x4a4taskhostw.exeATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2C:\Windows\System32\svchost.exeMandatory Label\Medium Mandatory Level