4688201331200x8020000000000000334329Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x16a4C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334328Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1768C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334330Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x13a4C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334331Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xfdcC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334333Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x11acC:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334332Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xfccC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334334Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xd64C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334336Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1668C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334335Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x3c8C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334337Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1654C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334338Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xac0C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334340Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x9ecC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334339Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xec0C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334341Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xc78C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334343Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x9acC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334342Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x11ccC:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334344Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x11ecC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334345Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x10a4C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334347Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1248C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334346Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xc60C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334349Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f20x1028C:\Tools\PurpleSharp\PurpleSharp.exe%%19380x11d0PurpleSharp.exe /pb pb.jsonNULL SID--0x0C:\Windows\System32\cmd.exeMandatory Label\Medium Mandatory Level 4688201331200x8020000000000000334348Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1714C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4625001254400x8010000000000000334399Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDMARITZA_MARKSattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334398Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDALDO_MCKEEattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334397Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDWOODROW_HENDERSONattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334396Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDALDEN_BROWNattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334395Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDOLIVIA_GUTIERREZattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334394Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDADAM_RUIZattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334393Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDALDO_CARROLLattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334392Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDHERMINIA_EATONattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334391Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDMARYANNE_SWEETattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334390Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDGUSTAVO_PATEattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334389Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDSONNY_MCKNIGHTattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334388Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDKELLI_EMERSONattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334387Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDRUSTY_SPENCERattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334386Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SID8541540805SAattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334385Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDJULIETTE_RANDOLPHattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334384Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDSASHA_HOLTattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334383Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDRAUL_CHANGattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334382Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDMARGO_LYNCHattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334381Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDELMO_PETERSattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334380Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDMARCELO_ARMSTRONGattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334379Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDLEMUEL_HOLDERattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334378Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDBOOKER_KNOXattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334377Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDBENNY_CHANattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334376Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDIVAN_BROWNINGattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334375Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDMAMIE_BOYLEattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334374Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDFRANCISCA_RODRIQUEZattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334373Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDTAD_MCMAHONattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334372Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDZACHARY_SANFORDattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334371Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDJANETTE_JAMESattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334370Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDDIEGO_PEREZattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334369Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDSHANNON_ROWLANDattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334368Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDPHOEBE_EDWARDSattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334367Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDVANCE_GILLESPIEattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334366Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDAUBREY_GUTHRIEattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334365Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SID2235889183SAattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334364Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDMICHEL_HARTattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334363Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDALLISON_WATERSattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334362Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDWINFRED_WEBSTERattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334361Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDNADINE_HOPKINSattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334360Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDFLOYD_WALLERattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334359Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDMANDY_BRYANTattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334358Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDABIGAIL_MCDOWELLattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334357Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDJOSUE_HOWARDattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334356Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDDONALD_ROBERTSattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334355Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDDEAN_MALDONADOattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334354Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDDALE_STANLEYattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334353Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDLENA_DELANEYattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334352Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDALANA_WILKINSattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4625001254400x8010000000000000334351Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDABRAHAM_CHASEattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4776001433600x8010000000000000391406Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0MARITZA_MARKSWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391405Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0ALDO_MCKEEWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391404Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0WOODROW_HENDERSONWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391403Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0ALDEN_BROWNWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391402Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0OLIVIA_GUTIERREZWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391401Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0ADAM_RUIZWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391400Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0ALDO_CARROLLWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391399Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0HERMINIA_EATONWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391398Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0MARYANNE_SWEETWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391397Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0GUSTAVO_PATEWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391396Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0SONNY_MCKNIGHTWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391395Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0KELLI_EMERSONWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391394Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0RUSTY_SPENCERWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391393Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_08541540805SAWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391392Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0JULIETTE_RANDOLPHWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391391Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0SASHA_HOLTWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391390Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0RAUL_CHANGWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391389Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0MARGO_LYNCHWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391388Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0ELMO_PETERSWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391387Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0MARCELO_ARMSTRONGWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391386Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0LEMUEL_HOLDERWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391385Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0BOOKER_KNOXWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391384Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0BENNY_CHANWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391383Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0IVAN_BROWNINGWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391382Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0MAMIE_BOYLEWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391381Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0FRANCISCA_RODRIQUEZWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391380Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0TAD_MCMAHONWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391379Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0ZACHARY_SANFORDWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391378Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0JANETTE_JAMESWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391377Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0DIEGO_PEREZWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391376Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0SHANNON_ROWLANDWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391375Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0PHOEBE_EDWARDSWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391374Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0VANCE_GILLESPIEWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391373Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0AUBREY_GUTHRIEWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391372Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_02235889183SAWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391371Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0MICHEL_HARTWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391370Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0ALLISON_WATERSWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391369Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0WINFRED_WEBSTERWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391368Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0NADINE_HOPKINSWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391367Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0FLOYD_WALLERWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391366Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0MANDY_BRYANTWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391365Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0ABIGAIL_MCDOWELLWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391364Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0JOSUE_HOWARDWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391363Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0DONALD_ROBERTSWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391362Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0DEAN_MALDONADOWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391361Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0DALE_STANLEYWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391360Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0LENA_DELANEYWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391359Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0ALANA_WILKINSWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391358Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0ABRAHAM_CHASEWIN-HOST-MVELAZ0xc000006a 4776001433600x8010000000000000391357Securitywin-dc-mvelazco-02713-392.attackrange.localMICROSOFT_AUTHENTICATION_PACKAGE_V1_0JAN_PARSONSWIN-HOST-MVELAZ0xc000006a 4625001254400x8010000000000000334350Securitywin-host-mvelazco-02713-447.attackrange.localATTACKRANGE\REED_LARSENreed_larsenATTACKRANGE0x1360f2NULL SIDJAN_PARSONSattackrange.local0xc000006d%%23130xc000006a2Advapi MICROSOFT_AUTHENTICATION_PACKAGE_V1_0WIN-HOST-MVELAZ--00x1028C:\Tools\PurpleSharp\PurpleSharp.exe-- 4688201331200x8020000000000000334401Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x17b4C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334400Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1634C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334402Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1764C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334403Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x130C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334405Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xab8C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334404Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x14d4C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334406Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x1498C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334408Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x17c0C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334407Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x12f8C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334409Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xf2cC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334410Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x14f8C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334412Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xd34C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334411Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70xa5cC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000334413Securitywin-host-mvelazco-02713-447.attackrange.localNT AUTHORITY\SYSTEMWIN-HOST-MVELAZ$ATTACKRANGE0x3e70x8e0C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe%%19360x7d4"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"NULL SID--0x0C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level