734700x8000000000000000150621343Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:03.893{3BF36828-9E9F-61F9-180A-02000000CF01}2128C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000150621342Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:03.893{3BF36828-9E9F-61F9-180A-02000000CF01}2128C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000150621341Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:03.893{3BF36828-9E9F-61F9-180A-02000000CF01}2128C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000150621340Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:03.893{3BF36828-9E9F-61F9-180A-02000000CF01}2128C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, 
http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000150621339Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:03.893{3BF36828-9E9F-61F9-180A-02000000CF01}2128C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000150621338Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:03.893{3BF36828-9E9F-61F9-180A-02000000CF01}2128C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000150621337Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:03.893{3BF36828-9E9F-61F9-180A-02000000CF01}2128C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000150621336Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 
20:57:03.893{3BF36828-9E9F-61F9-180A-02000000CF01}2128C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000150621335Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:03.893{3BF36828-9E9F-61F9-180A-02000000CF01}2128C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000150621334Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:03.893{3BF36828-9E9F-61F9-180A-02000000CF01}2128C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000150621333Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:03.893{3BF36828-9E9F-61F9-180A-02000000CF01}2128C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\fltLib.dll10.0.14393.0 (rs1_release.160715-1616)Filter LibraryMicrosoft® Windows® Operating SystemMicrosoft 
CorporationfilterLib.dllMD5=051ABD8360BDA63A1BC77C662FBF0A25,SHA256=C914E2DBAEC2C9A11923A984B30A979637D3A27B3C29E93F4C90FB1D9FBC518F,IMPHASH=74D3C2DA8B6F9861866B866AE40683D3trueMicrosoft WindowsValid 734700x8000000000000000150621332Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:03.893{3BF36828-9E9F-61F9-180A-02000000CF01}2128C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x8000000000000000150621331Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:03.893{3BF36828-4B4B-61E8-3600-00000000CF01}34443464C:\Windows\system32\conhost.exe{3BF36828-9E9F-61F9-180A-02000000CF01}2128C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000150621330Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:03.893{3BF36828-9E9F-61F9-180A-02000000CF01}2128C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 
734700x8000000000000000150621329Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:03.893{3BF36828-9E9F-61F9-180A-02000000CF01}2128C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000150621328Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:03.893{3BF36828-9E9F-61F9-180A-02000000CF01}2128C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000150621327Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:03.893{3BF36828-9E9F-61F9-180A-02000000CF01}2128C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exeMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8trueSplunk, Inc.Valid 10341000x8000000000000000150621326Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 
20:57:03.893{3BF36828-4B39-61E8-0C00-00000000CF01}8405416C:\Windows\system32\svchost.exe{3BF36828-4B49-61E8-2A00-00000000CF01}2992C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621325Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:03.893{3BF36828-4B39-61E8-0C00-00000000CF01}8405416C:\Windows\system32\svchost.exe{3BF36828-4B49-61E8-2A00-00000000CF01}2992C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621324Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 
20:57:03.893{3BF36828-4B39-61E8-0C00-00000000CF01}8405416C:\Windows\system32\svchost.exe{3BF36828-4B49-61E8-2A00-00000000CF01}2992C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621323Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:03.893{3BF36828-4B39-61E8-0C00-00000000CF01}8405416C:\Windows\system32\svchost.exe{3BF36828-4B49-61E8-2A00-00000000CF01}2992C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621322Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 
20:57:03.893{3BF36828-4B36-61E8-0500-00000000CF01}416532C:\Windows\system32\csrss.exe{3BF36828-9E9F-61F9-180A-02000000CF01}2128C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000150621321Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:03.893{3BF36828-4B49-61E8-2D00-00000000CF01}30564072C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-9E9F-61F9-180A-02000000CF01}2128C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000150621320Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:03.878{3BF36828-9E9F-61F9-180A-02000000CF01}2128C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK 
driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-4B37-61E8-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{3BF36828-4B49-61E8-2D00-00000000CF01}3056C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000150621319Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:56:44.915{3BF36828-4B56-61E8-6D00-00000000CF01}4044C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local52401-false10.0.1.12-8000- 23542300x8000000000000000150621318Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:03.143{3BF36828-4B5D-61E8-7600-00000000CF01}3900NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E8B7D1C787F8EC5B34A917701CC30C3,SHA256=D100BD8F36EC674BF39CFE8C55D05B7393D62B265D64B94EE622514055FED270,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000071065838Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:56:56.752{B81B27B7-4B45-61E8-6600-00000000CE01}4020C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local52546-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000071065840Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 
20:57:04.987{B81B27B7-4B4D-61E8-6F00-00000000CE01}3156NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2A7E277F1A9347C1E881E1B4665B041,SHA256=6E645A606D4942C2A0BEB3E4AF6110AA8A69257A50DC166372E088B2AE890C91,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000150621423Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:04.924{3BF36828-4B5D-61E8-7600-00000000CF01}3900NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AF99F3FE713F290BA41AE37A54DBC77E,SHA256=3D5D1A2653FF6F43B9EA949A95478B314E371153CE58A08635E2F76CCBF26B31,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x8000000000000000150621422Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:04.799{3BF36828-9EA0-61F9-190A-02000000CF01}36482784C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{3BF36828-4B49-61E8-2D00-00000000CF01}3056C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000150621421Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:04.799{3BF36828-9EA0-61F9-190A-02000000CF01}3648C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000150621420Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:04.799{3BF36828-9EA0-61F9-190A-02000000CF01}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000150621419Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:04.596{3BF36828-9EA0-61F9-190A-02000000CF01}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 734700x8000000000000000150621418Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:04.596{3BF36828-9EA0-61F9-190A-02000000CF01}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft 
Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000150621417Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:04.596{3BF36828-9EA0-61F9-190A-02000000CF01}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000150621416Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:04.596{3BF36828-9EA0-61F9-190A-02000000CF01}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000150621415Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:04.596{3BF36828-9EA0-61F9-190A-02000000CF01}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 
734700x8000000000000000150621414Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:04.596{3BF36828-9EA0-61F9-190A-02000000CF01}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000150621413Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:04.596{3BF36828-9EA0-61F9-190A-02000000CF01}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000150621412Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:04.596{3BF36828-9EA0-61F9-190A-02000000CF01}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000150621411Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:04.596{3BF36828-9EA0-61F9-190A-02000000CF01}3648C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel 
Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 734700x8000000000000000150621476Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000150621475Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000150621474Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 
734700x8000000000000000150621473Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000150621472Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000150621471Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000150621470Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program 
Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000150621469Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000150621468Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000150621467Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000150621466Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000150621465Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000150621464Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000150621463Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000150621462Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 
20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000150621461Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\nsi.dll10.0.14393.3297 (rs1_release_1.191001-1045)NSI User-mode interface DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationnsi.dllMD5=994E2A6D2A0B38E0968B3998E42033AC,SHA256=491F2D1DE09C39B324BCF5800198AC7CCE755F4023F1FEB3854D33716461BC27,IMPHASH=B01B7830101BC0D5FBDE4FFE2B170CF7trueMicrosoft WindowsValid 734700x8000000000000000150621460Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 734700x8000000000000000150621459Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft 
Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 734700x8000000000000000150621458Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000150621457Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\dnsapi.dll10.0.14393.4350 (rs1_release.210407-2154)DNS Client API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationdnsapiMD5=D7651F99299B13D576A72643BFC44944,SHA256=589302E630C473DBDF4CE92C59F00B029FCA0C228E7111A764166E16025FA1A9,IMPHASH=3C043C6FF0F62DAEB8819606F79C5ECCtrueMicrosoft WindowsValid 734700x8000000000000000150621456Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\IPHLPAPI.DLL10.0.14393.2339 (rs1_release_inmarket.180611-1502)IP Helper APIMicrosoft® Windows® Operating SystemMicrosoft Corporationiphlpapi.dllMD5=3CD38EDF9CA12F91131EDEE32D1C9DF5,SHA256=AF2440640BF8BDEAAF0DECDD7C354158E415ED0AA340ABA7A6CCCDC09C1E728B,IMPHASH=98738BA55485CCA932F6D222F47FFC55trueMicrosoft WindowsValid 734700x8000000000000000150621455Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 
20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000150621454Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\secur32.dll10.0.14393.2273 (rs1_release_1.180427-1811)Security Support Provider InterfaceMicrosoft® Windows® Operating SystemMicrosoft Corporationsecur32.dllMD5=BCF1B2F76F8A3A3E9E8F4D4322954651,SHA256=46B327CD50E728CBC22BD80F39DCEF2789AB780C77B6D285EEB90126B06EEEB5,IMPHASH=0D8FF9DE2DA5C07D680347B1A098E759trueMicrosoft WindowsValid 734700x8000000000000000150621453Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 734700x8000000000000000150621452Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft 
Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000150621451Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000150621450Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 10341000x8000000000000000150621449Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-4B4B-61E8-3600-00000000CF01}34443464C:\Windows\system32\conhost.exe{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000150621448Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 
20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000150621447Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000150621446Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000150621445Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk 
Inc.splunk-netmon.exeMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AECtrueSplunk, Inc.Valid 10341000x8000000000000000150621444Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-4B39-61E8-0C00-00000000CF01}8405416C:\Windows\system32\svchost.exe{3BF36828-4B49-61E8-2A00-00000000CF01}2992C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621443Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 
20:57:09.924{3BF36828-4B39-61E8-0C00-00000000CF01}8405416C:\Windows\system32\svchost.exe{3BF36828-4B49-61E8-2A00-00000000CF01}2992C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621442Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-4B39-61E8-0C00-00000000CF01}8405416C:\Windows\system32\svchost.exe{3BF36828-4B49-61E8-2A00-00000000CF01}2992C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621441Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 
20:57:09.924{3BF36828-4B39-61E8-0C00-00000000CF01}8405416C:\Windows\system32\svchost.exe{3BF36828-4B49-61E8-2A00-00000000CF01}2992C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621440Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-4B36-61E8-0500-00000000CF01}4164876C:\Windows\system32\csrss.exe{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000150621439Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.924{3BF36828-4B49-61E8-2D00-00000000CF01}30564072C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000150621438Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.909{3BF36828-9EA5-61F9-1A0A-02000000CF01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-4B37-61E8-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{3BF36828-4B49-61E8-2D00-00000000CF01}3056C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000150621437Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:09.424{3BF36828-4B5D-61E8-7600-00000000CF01}3900NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=807FF11BA284DCC80015B2C5FCE937AA,SHA256=C48832F3E741E44956A68751C6DDDF462AB56F5C6947587495B3FBBEE302F899,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
354300x8000000000000000150621436Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:56:51.790{3BF36828-4B33-61E8-0100-00000000CF01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local52405-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local445microsoft-ds 354300x8000000000000000150621435Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:56:51.790{3BF36828-4B33-61E8-0100-00000000CF01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local52405-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local445microsoft-ds 354300x8000000000000000150621434Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:56:51.689{3BF36828-4B37-61E8-0B00-00000000CF01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-128.attackrange.local52404-false10.0.1.14win-dc-128.attackrange.local389ldap 354300x8000000000000000150621433Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:56:51.689{3BF36828-4B3A-61E8-1600-00000000CF01}1300C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local52404-false10.0.1.14win-dc-128.attackrange.local389ldap 354300x8000000000000000150621432Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:56:51.679{3BF36828-4B37-61E8-0B00-00000000CF01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local52403-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local389ldap 354300x8000000000000000150621431Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:56:51.679{3BF36828-4B3A-61E8-1600-00000000CF01}1300C:\Windows\System32\svchost.exeNT 
AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local52403-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local389ldap 354300x8000000000000000150621430Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:56:50.879{3BF36828-4B56-61E8-6D00-00000000CF01}4044C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local52402-false10.0.1.12-8000- 10341000x800000000000000071065862Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:10.894{B81B27B7-4B3C-61E8-3000-00000000CE01}31083128C:\Windows\system32\conhost.exe{B81B27B7-9EA6-61F9-B609-02000000CE01}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071065861Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:10.894{B81B27B7-4B39-61E8-0C00-00000000CE01}7363692C:\Windows\system32\svchost.exe{B81B27B7-4B3A-61E8-1F00-00000000CE01}2004C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 
10341000x800000000000000071065860Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:10.894{B81B27B7-4B39-61E8-0C00-00000000CE01}7363692C:\Windows\system32\svchost.exe{B81B27B7-4B3A-61E8-1F00-00000000CE01}2004C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071065859Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:10.894{B81B27B7-4B39-61E8-0C00-00000000CE01}7363692C:\Windows\system32\svchost.exe{B81B27B7-4B3A-61E8-1F00-00000000CE01}2004C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071065858Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 
20:57:10.894{B81B27B7-4B39-61E8-0C00-00000000CE01}7363692C:\Windows\system32\svchost.exe{B81B27B7-4B3A-61E8-1F00-00000000CE01}2004C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071065857Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:10.894{B81B27B7-4B38-61E8-0500-00000000CE01}420540C:\Windows\system32\csrss.exe{B81B27B7-9EA6-61F9-B609-02000000CE01}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000071065856Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:10.894{B81B27B7-4B3A-61E8-2600-00000000CE01}21723992C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-9EA6-61F9-B609-02000000CE01}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000071065855Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:10.879{B81B27B7-9EA6-61F9-B609-02000000CE01}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-4B39-61E8-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{B81B27B7-4B3A-61E8-2600-00000000CE01}2172C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000071065854Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:10.503{B81B27B7-4B4D-61E8-6F00-00000000CE01}3156NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56F7E310C683F182358428AC3AC0F01D,SHA256=6339AA8006BB4DECCC54BD286FEE83FD6A83C5093DAD9CFFB5BF4ADDF21A6445,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x8000000000000000150621574Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:10.955{3BF36828-4B5D-61E8-7600-00000000CF01}3900NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B718B08DB51D22BBB550CA1F5467936D,SHA256=51F5A3A45C48FB536797B49B4DF19D153CCD10ACE33185782CBA709146FDE9B1,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000150621573Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:10.893{3BF36828-4B5D-61E8-7600-00000000CF01}3900NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E836CD033611994D67CDE327A157AA76,SHA256=105F108F753510DEA758A32911B4FE321E8F6628EC277DE643B328A3CD71DFA8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x8000000000000000150621572Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-0669-61F8-11DA-01000000CF01}6068C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621571Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 
20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-0669-61F8-11DA-01000000CF01}6068C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621570Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-0669-61F8-11DA-01000000CF01}6068C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621569Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 
20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-0669-61F8-11DA-01000000CF01}6068C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621568Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-0669-61F8-11DA-01000000CF01}6068C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621567Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 
20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-0669-61F8-11DA-01000000CF01}6068C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621566Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-0669-61F8-11DA-01000000CF01}6068C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621565Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 
20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-0669-61F8-11DA-01000000CF01}6068C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621564Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-0669-61F8-11DA-01000000CF01}6068C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621563Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 
20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-0669-61F8-11DA-01000000CF01}6068C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621562Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-0669-61F8-11DA-01000000CF01}6068C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621561Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 
20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-0669-61F8-11DA-01000000CF01}6068C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621560Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-0669-61F8-11DA-01000000CF01}6068C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621559Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 
20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-0669-61F8-11DA-01000000CF01}6068C:\Windows\explorer.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621558Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-066A-61F8-13DA-01000000CF01}3168C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621557Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 
20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-066A-61F8-13DA-01000000CF01}3168C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621556Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-066A-61F8-13DA-01000000CF01}3168C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621555Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 
20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-066A-61F8-13DA-01000000CF01}3168C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621554Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-066A-61F8-13DA-01000000CF01}3168C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621553Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 
20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-066A-61F8-13DA-01000000CF01}3168C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621552Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-066A-61F8-12DA-01000000CF01}6088C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621551Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 
20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-066A-61F8-12DA-01000000CF01}6088C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621550Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-066A-61F8-12DA-01000000CF01}6088C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621549Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 
20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-066A-61F8-12DA-01000000CF01}6088C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621548Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-066A-61F8-12DA-01000000CF01}6088C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621547Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 
20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-066A-61F8-12DA-01000000CF01}6088C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621546Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:10.861{3BF36828-4B39-61E8-0D00-00000000CF01}900920C:\Windows\system32\svchost.exe{3BF36828-066A-61F8-12DA-01000000CF01}6088C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000150621545Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:10.721{3BF36828-9EA6-61F9-1B0A-02000000CF01}5276C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft 
734700x8000000000000000150621672Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.940{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000150621671Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.940{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000150621670Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.940{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000150621669Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.940{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\wkscli.dll10.0.14393.0 
(rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000150621668Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.940{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000150621667Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.940{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000150621666Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.940{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft 
Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000150621665Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.940{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000150621664Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.940{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\oleaut32.dll10.0.14393.4402 (rs1_release.210426-1725)OLEAUT32.DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationOLEAUT32.DLLMD5=57B07BF89C63FA60A810FEDE496126CA,SHA256=080632F80FA2A387E5A55C670FFE07C927D553FDDA26F7F8B4156C0C6B20E75E,IMPHASH=8987D71C85BB2C13D3D90194331F962FtrueMicrosoft WindowsValid 734700x8000000000000000150621663Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.940{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\bcryptprimitives.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcryptprimitives.dllMD5=E92A3F429653A81E4C53A0B474A817A5,SHA256=4ECAFDB8F0F20BFFC1A5516882FD59C961DEACC2B01F669ABF1D1895F6F90A55,IMPHASH=BA5C37A1CF8C2730ED1F4DA1587496A5trueMicrosoft WindowsValid 
734700x8000000000000000150621662Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\Wldap32.dll10.0.14393.3269 (rs1_release.190929-1234)Win32 LDAP API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWLDAP32.DLLMD5=12D6C3E8AC705BB42D377C05714F551C,SHA256=E67F6DB96F062A319312C365F1F55B2B38B0F90B77FFDA2522418709CBA45EB3,IMPHASH=D13722FCCB1CDD38974ADB7277D98799trueMicrosoft WindowsValid 734700x8000000000000000150621661Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\combase.dll10.0.14393.4350 (rs1_release.210407-2154)Microsoft COM for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationCOMBASE.DLLMD5=88632FDECDE467B887C3594BE2EC545C,SHA256=FFED4D80961917C785063411ED15CED1DB6588AD925E76D72E1BF684FFDBF25D,IMPHASH=0863DD72CA0C3702DB7ACD19A4D5DEB1trueMicrosoft WindowsValid 734700x8000000000000000150621660Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\win32u.dll10.0.14393.0 (rs1_release.160715-1616)Win32uMicrosoft® Windows® Operating SystemMicrosoft CorporationWin32u.DLLMD5=6A40F9C63B52CB4E8271CF3418618033,SHA256=A2BE23DA7AADFA9118130C939CD59D86E590957172FF404511EE6C5EC5147F15,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000150621659Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32full.dll10.0.14393.4350 (rs1_release.210407-2154)GDI Client 
DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=F9FE858A976B6D38FD5CEA46019B246A,SHA256=37F7417D0AA2A15121A14CF176F0C4A1B6BB01E290324CCA0DDB001F47E8C458,IMPHASH=059EB3BAA45E35C79FAE66F7279059EEtrueMicrosoft WindowsValid 734700x8000000000000000150621658Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\adsldpc.dll10.0.14393.0 (rs1_release.160715-1616)ADs LDAP Provider C DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationadsldpcMD5=F03FD7F523CFDBB96B0F3B8012FC161D,SHA256=8218E5AC2D7A52A2D50CD8D3CC8AA8CE4E37D1BDECFA62BC2637AA32A01CBA54,IMPHASH=AFF2E9AF6DD20912DC1E604BDBCA3761trueMicrosoft WindowsValid 734700x8000000000000000150621657Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ole32.dll10.0.14393.4169 (rs1_release.210107-1130)Microsoft OLE for WindowsMicrosoft® Windows® Operating SystemMicrosoft CorporationOLE32.DLLMD5=676B0A1FB2A01D19AECB1F19883B6FC4,SHA256=56DEB219840DBAF9DAF645AD5D79AF9AB05F20E688382854DD487F440B257552,IMPHASH=9724475F92787AFC45A3BA458C0DCDC5trueMicrosoft WindowsValid 734700x8000000000000000150621656Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\user32.dll10.0.14393.4169 (rs1_release.210107-1130)Multi-User Windows USER API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationuser32MD5=883B59C5557E8A9B3C1E1ED1CA48CD5A,SHA256=271800C20A96587265BF83DE2EFC11329EEB2B6C0D57E5E0BCD137FB96BFE6E3,IMPHASH=070F257E4632BC576557C4085595EAA4trueMicrosoft WindowsValid 
734700x8000000000000000150621655Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\gdi32.dll10.0.14393.4169 (rs1_release.210107-1130)GDI Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationgdi32MD5=551D603CEC947F586DB9FADEF4D2EBA6,SHA256=143125EFF9F3BC5B3F3BE505F3C3814393807B9CACB6AA5F75D39C77EC0D4ED8,IMPHASH=A24D446CB7FCBB6D29B592603C0BE00CtrueMicrosoft WindowsValid 734700x8000000000000000150621654Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 734700x8000000000000000150621653Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ws2_32.dll10.0.14393.3241 (rs1_release_inmarket.190910-1801)Windows Socket 2.0 32-Bit DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationws2_32.dllMD5=06E82905620845A7C185BDEE85CC4140,SHA256=B75C9B080293F85568912BABE749F403144959206F9C6BAB36B628E8F77C5DA0,IMPHASH=76A5AA3DF6083D853F576403C8F841A8trueMicrosoft WindowsValid 734700x8000000000000000150621652Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program 
Files\SplunkUniversalForwarder\bin\archive.dll-----MD5=98978F08A7A0D24C92FE8DC5287A8258,SHA256=CBB940A38E834C0BE44884C667863F76D6700D564043F90B3EB813370C3174E7,IMPHASH=86B04733169A315F437478D1C9AA6193trueSplunk, Inc.Valid 734700x8000000000000000150621651Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libeay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/libeay32.dllMD5=6445BD4247E3956B244772F3C415585F,SHA256=2B08FC9E160AD0F698226DA3E30A12551E8EBCCA1E7287E3915EC62B58151A78,IMPHASH=838F909F0A52D977E0B8662364FA0BFEtrueSplunk, Inc.Valid 734700x8000000000000000150621650Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec-openssl.dll-----MD5=F30BB43EC30BE50400780223450492CD,SHA256=867D0453E285A5C29A4EFA039D2399662DCCAC98F88C46B0A41CEFB6B68DD836,IMPHASH=464BF3FDF330E6A15D24CC679EF7F72EtrueSplunk, Inc.Valid 734700x8000000000000000150621649Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\rpcrt4.dll10.0.14393.4350 (rs1_release.210407-2154)Remote Procedure Call RuntimeMicrosoft® Windows® Operating SystemMicrosoft Corporationrpcrt4.dllMD5=BC930981DA6E598A6A2E87D8355CB38A,SHA256=34DB9A305C0574B5C1694A499221B520DFB2BFD894D8E95096ABF09F1182D758,IMPHASH=EB45E6A4165ECBE63E7CA7D14DE0BD8EtrueMicrosoft WindowsValid 734700x8000000000000000150621648Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxmlsec.dll-----MD5=D98BAB348C28C8CFCC11EDB575E2557A,SHA256=ADA3F1256B175ECC390F126D2730D7A1AAB5A53F1AF205A7667D8010416602F9,IMPHASH=3295DC2518E43BEF226F8847873D20C2trueSplunk, Inc.Valid 734700x8000000000000000150621647Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\sechost.dll10.0.14393.3808 (rs1_release.200707-2105)Host for SCM/SDDL/LSA Lookup APIsMicrosoft® Windows® Operating SystemMicrosoft Corporationsechost.dllMD5=E6B98644CD3B912C44C39CC0996790A9,SHA256=23BE56E1B8DBA449C0959753175BD15457EC88E93E9E8B86489266347959A6F2,IMPHASH=D6E06125849E8565A50F366A0149FB40trueMicrosoft WindowsValid 734700x8000000000000000150621646Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\ssleay32.dll1.0.2tOpenSSL Shared LibraryThe OpenSSL ToolkitThe OpenSSL Project, http://www.openssl.org/ssleay32.dllMD5=B20FA07A7A61791EE537B5945429E141,SHA256=EF53BC2AB58BC548EFA249B0B8F2E1FBB9D4739EF27B0C67DFF1468D555329D3,IMPHASH=E09B42A7EA1725DA2CD99223AD969C63trueSplunk, Inc.Valid 734700x8000000000000000150621645Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxml2.dll2.9.9libxml2 librarylibxml2-libxml2.dllMD5=0E7B7B3B25A2F094EB3A7BAF471154B8,SHA256=6CFAC8D8D5B7345F2C6CC82CBF8F9DD475881EA260346BE283E52B822F2CCAC1,IMPHASH=6DA659461618DB73B9BD17D114677D20trueSplunk, Inc.Valid 
734700x8000000000000000150621644Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ucrtbase.dll10.0.14393.3659 (rs1_release_1.200410-1813)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationucrtbase.dllMD5=9804D130E8E7178738C2B9808091B427,SHA256=6053B7CC85846F15094475116A8C57BA89FE99FDD1978C54E8A7E2114E318FE3,IMPHASH=57ABD1FDE351971A01E912069E11B44CtrueMicrosoft WindowsValid 734700x8000000000000000150621643Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\msvcrt.dll7.0.14393.2457 (rs1_release_inmarket.180822-1743)Windows NT CRT DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcrt.dllMD5=0AF8989DD67A135B536CF948E3EFB7EB,SHA256=C693DA0EF4DCF3BC244661B9FD280FE12C3053FDD7B977712C0CF210831B2EF4,IMPHASH=07D6F84E3C8FD0D2C32F9398A0369BAFtrueMicrosoft WindowsValid 734700x8000000000000000150621642Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\libxslt.dll-----MD5=B8D3119CE62331C6A9B170DA0A608F28,SHA256=7D6C6B7C542B4E67AA468FEB12044E2EE34CE8F8A68C7665D7861F3363B6E66A,IMPHASH=06C8C57E25207671F4639FDBFA0212ECtrueSplunk, Inc.Valid 734700x8000000000000000150621641Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\activeds.dll10.0.14393.4169 (rs1_release.210107-1130)ADs Router Layer DLLMicrosoft® Windows® Operating SystemMicrosoft 
CorporationADsMD5=C62947CD1080E3B128B517AE91B22D6D,SHA256=6BB5D8967F822B5B1646DC9069212914D36C4D3D65E086AC0890B6A02112B438,IMPHASH=C7DF3F2CF025F0BEDA797705E4F4AFBBtrueMicrosoft WindowsValid 734700x8000000000000000150621640Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\advapi32.dll10.0.14393.2969 (rs1_release.190503-1820)Advanced Windows 32 Base APIMicrosoft® Windows® Operating SystemMicrosoft Corporationadvapi32.dllMD5=F5442C4B9A99C3AED71BED79AC46DAD1,SHA256=05F47403F3BD93FB11F39A5CB4D6E4DD08B35FF4FA3D4969D8E5396D38FB484B,IMPHASH=D2F471BB25AF6310EB67BD4EA99B4DBCtrueMicrosoft WindowsValid 10341000x8000000000000000150621639Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-4B4B-61E8-3600-00000000CF01}34443464C:\Windows\system32\conhost.exe{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000150621638Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\KernelBase.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationKernelbase.dllMD5=0F627827D9CFFA8E0BCF30F013FB7209,SHA256=EA47C3E471801ACA92EE449C66CF785EA670ADE92A5A2D5CDB81C93DD72ABEF0,IMPHASH=05349EBAA635D77714868763D44881E9trueMicrosoft WindowsValid 734700x8000000000000000150621637Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 
20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel32.dll10.0.14393.4350 (rs1_release.210407-2154)Windows NT BASE API Client DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel32MD5=A5AD62615D2361BFAEC6C047B199184C,SHA256=B43F3DFDAF7BAA7A2B97015631F96CE429C50348D380080CFC29C36F959D7886,IMPHASH=3CE0779E0F4E275CD51A359A98CCC682trueMicrosoft WindowsValid 734700x8000000000000000150621636Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\ntdll.dll10.0.14393.4350 (rs1_release.210407-2154)NT Layer DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationntdll.dllMD5=4C8F6DF16BD8E2739EC0D3439EA7507C,SHA256=79E203951A298D2818A9484A56521FA70DF19B7053F704378375128C7C48E8EE,IMPHASH=00000000000000000000000000000000trueMicrosoft WindowsValid 734700x8000000000000000150621635Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----MD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1CtrueSplunk, Inc.Valid 10341000x8000000000000000150621634Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-4B36-61E8-0500-00000000CF01}416432C:\Windows\system32\csrss.exe{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 
10341000x8000000000000000150621633Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-4B39-61E8-0C00-00000000CF01}8405416C:\Windows\system32\svchost.exe{3BF36828-4B49-61E8-2A00-00000000CF01}2992C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621632Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-4B39-61E8-0C00-00000000CF01}8405416C:\Windows\system32\svchost.exe{3BF36828-4B49-61E8-2A00-00000000CF01}2992C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621631Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 
20:57:11.924{3BF36828-4B39-61E8-0C00-00000000CF01}8405416C:\Windows\system32\svchost.exe{3BF36828-4B49-61E8-2A00-00000000CF01}2992C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621630Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-4B39-61E8-0C00-00000000CF01}8405416C:\Windows\system32\svchost.exe{3BF36828-4B49-61E8-2A00-00000000CF01}2992C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621629Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.924{3BF36828-4B49-61E8-2D00-00000000CF01}30564072C:\Program 
20:57:11.236{3BF36828-4B39-61E8-0C00-00000000CF01}8405416C:\Windows\system32\svchost.exe{3BF36828-4B49-61E8-2A00-00000000CF01}2992C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000150621577Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.236{3BF36828-4B36-61E8-0500-00000000CF01}416532C:\Windows\system32\csrss.exe{3BF36828-9EA7-61F9-1C0A-02000000CF01}1064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000150621576Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.236{3BF36828-4B49-61E8-2D00-00000000CF01}30564072C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{3BF36828-9EA7-61F9-1C0A-02000000CF01}1064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000150621575Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:11.222{3BF36828-9EA7-61F9-1C0A-02000000CF01}1064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{3BF36828-4B37-61E8-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{3BF36828-4B49-61E8-2D00-00000000CF01}3056C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000150621680Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:12.846{3BF36828-4B5D-61E8-7600-00000000CF01}3900NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5844A30712D6BE7F4086CE8BC21AD3D2,SHA256=7551C3EBF3FA94512D9ECB364A86B0E922A2A72057C07E4EC29B6301E9BF096D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000071065876Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 
20:57:12.644{B81B27B7-4B4D-61E8-6F00-00000000CE01}3156NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB58110D26004858B78F459A4AFFC26D,SHA256=10BC752C8C06C8D5C9FF92427E439ED669378CEBFC261A89745C182F43D2D598,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000150621679Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:12.424{3BF36828-4B5D-61E8-7600-00000000CF01}3900NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F7E31486D2C580CAF812EDEC9035129F,SHA256=DC0576E65AFF0BC7E6B523945640837B9C8847C6738F3C21A8701D809B3B047F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000150621678Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:12.096{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 10341000x8000000000000000150621677Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:12.096{3BF36828-9EA7-61F9-1D0A-02000000CF01}16082700C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{3BF36828-4B49-61E8-2D00-00000000CF01}3056C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x8000000000000000150621676Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:12.096{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000150621675Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:12.096{3BF36828-9EA7-61F9-1D0A-02000000CF01}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 23542300x800000000000000071065875Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:12.519{B81B27B7-4B4D-61E8-6F00-00000000CE01}3156NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=45AE0761AA2E9849CDD1C616DB76D5D5,SHA256=F9097CD71CB120269FD9A814FF83FE94FB6D75CA6E1B368DAEFD190EA17B9B4D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk 
space 23542300x8000000000000000150621681Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:13.861{3BF36828-4B5D-61E8-7600-00000000CF01}3900NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84486C829299180FAFB631A958E0E629,SHA256=6C5F4991BF3D39A7A0DB7F316FE93D89B1128065A455C14C056DE5430AB47153,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000071065877Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:13.645{B81B27B7-4B4D-61E8-6F00-00000000CE01}3156NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=762A0CAFFD3974C47496579AC4846D04,SHA256=DA381E104EAED4676F79B713AED19B9C6367E27AFB2A4DCE301950C5086C272C,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000150621684Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:14.877{3BF36828-4B5D-61E8-7600-00000000CF01}3900NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AE1BED4DB08025EDA1857C68E835B31,SHA256=A837B91205BD4345DD361362F471F9F0EF16EE3891380B917F6473CC7820B298,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000071065879Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:07.785{B81B27B7-4B45-61E8-6600-00000000CE01}4020C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT 
AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local52548-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000071065878Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:14.659{B81B27B7-4B4D-61E8-6F00-00000000CE01}3156NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CDADAA32B08C3B4B1D20C2927FF2FF0C,SHA256=9866E42CEBE42FDE1F26FBC4360FD8334E3C4E3CD0DB179517D64CE1CB9EDC7F,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000150621683Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:56:56.754{3BF36828-4B56-61E8-6D00-00000000CF01}4044C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local52406-false10.0.1.12-8000- 23542300x8000000000000000150621682Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:14.111{3BF36828-4B5D-61E8-7600-00000000CF01}3900NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E9FE2FCBF731C89BE867CF5309156F92,SHA256=51B8D81907F0183B178D1E9875F0E02FA25152EDE4A0AF1C96196FA7707FA0E8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000150621685Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:15.908{3BF36828-4B5D-61E8-7600-00000000CF01}3900NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=924BE1F444F22170642D88400E5D1F39,SHA256=FA1F9576576D842281CB3FAD5FCF628181F72C4F24793F74CA63056507C94711,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000071065880Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:15.675{B81B27B7-4B4D-61E8-6F00-00000000CE01}3156NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48C0CFF8415F40E8C775EE6D58EB1BD9,SHA256=5259C2D9F2EA4EB399FA74B9C1AD060014BDFE5BCA232D1472B08FB1EE7B4551,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000150621686Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:16.940{3BF36828-4B5D-61E8-7600-00000000CF01}3900NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F20BF490A70803AEE0F494CF015026B4,SHA256=E6DAB760E60EAAEEFD00D7862FDDC4E6562C27DED9B3A52FA607F0256D34D510,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000071065881Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:16.690{B81B27B7-4B4D-61E8-6F00-00000000CE01}3156NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B670047E6800F686F3EDB0C2F5C8D1DE,SHA256=0B759E98897BB4FA18225AF9EF131D243912C4CF203B2CBE988104AF68691034,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x8000000000000000150621687Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:17.955{3BF36828-4B5D-61E8-7600-00000000CF01}3900NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=913E7397AF12F00600F5745312B98805,SHA256=7D981FB6EA2D0D1961F1D8696805889DF2F71E0BE461930D0011BE8BEB356892,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000071065882Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:17.691{B81B27B7-4B4D-61E8-6F00-00000000CE01}3156NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B8E8765C8A3431C4ABC5BAE37716F31,SHA256=3D514EB687B303D8ABA17F5F53529089049F47F3647CBF11105707B55894E4FA,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000150621688Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:18.971{3BF36828-4B5D-61E8-7600-00000000CF01}3900NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D402DEDFD070B3AA126079527B64FF6,SHA256=C0CDAB4ED97E4BDB5050B5C6697897E281C97778B6A59D40A6402AEDACA97E4E,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000071065883Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:18.691{B81B27B7-4B4D-61E8-6F00-00000000CE01}3156NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C51D1DBB8840D4A48D93281677EFE448,SHA256=8E5A82EE9964130699BC71415CF17CF827FF0536DD55CC97C6C4FA10D8CD6647,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000071065884Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:19.691{B81B27B7-4B4D-61E8-6F00-00000000CE01}3156NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=396272C8AF55D24EC3E912C45913605C,SHA256=9A8541CE685B3FDF17E8D25B6A4E82356EAA151FDB01B4E85B074208B661B494,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000150621743Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:01.832{3BF36828-4B56-61E8-6D00-00000000CF01}4044C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local52407-false10.0.1.12-8000- 23542300x8000000000000000150621742Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:19.627{3BF36828-4B39-61E8-1300-00000000CF01}352NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=E5D43C5AFBCE912A098F76270CE1987C,SHA256=ECCA46973ECFFECE8AB83A37E82DC080A123C3A9A677CE2082BB09FA304147DC,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 734700x8000000000000000150621741Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:19.549{3BF36828-9EAF-61F9-1E0A-02000000CF01}2156C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\kernel.appcore.dll10.0.14393.2312 (rs1_release.180607-1919)AppModel API 
HostMicrosoft® Windows® Operating SystemMicrosoft Corporationkernel.appcore.dllMD5=0AF5EF8A7FEFD4B37036B71514FC20CF,SHA256=D4F178583F6F33794D42B4DB11008494E9CD9F069C2AD2CA304DA63F9B5F659C,IMPHASH=94524C03C5380F78283785F1E05E667DtrueMicrosoft WindowsValid 734700x8000000000000000150621740Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:19.549{3BF36828-9EAF-61F9-1E0A-02000000CF01}2156C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbgcore.dll10.0.14321.1024 (debuggers(dbg).210127-1811)Windows Core Debugging HelpersMicrosoft® Windows® Operating SystemMicrosoftDBGCORE.DLLMD5=72E8FEC8419AB470FB737883463688FE,SHA256=1DA7D2D2D1C4E6EC17101A4997C4AA610818730D63C72C1D2084ABA3F25C5146,IMPHASH=F67CBD9561C1FEF51B817BA184E81D2EtrueMicrosoft WindowsValid 734700x8000000000000000150621739Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:19.549{3BF36828-9EAF-61F9-1E0A-02000000CF01}2156C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\dbghelp.dll10.0.14321.1024 (rs1_release.160715-1616)Windows Image HelperMicrosoft® Windows® Operating SystemMicrosoftDBGHELP.DLLMD5=2C92DF5D32661FB4B81B08B72B2102A7,SHA256=BCEF4DEBDE7D8D6916EE3D3E5E63A725E03A058AABCD7DD49DF9D48B16E96D1A,IMPHASH=E7FD2920222985E31019D022BB39EFBEtrueMicrosoft WindowsValid 734700x8000000000000000150621738Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:19.377{3BF36828-9EAF-61F9-1E0A-02000000CF01}2156C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptbase.dll10.0.14393.0 (rs1_release.160715-1616)Base cryptographic API DLLMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptbase.dllMD5=51FCB0FDEFCB9A3E4A1DC8C8673BC63C,SHA256=63A0E1A76B7ABCF56E44B548568649FFB6B5609402746D48A4DC77CCED20F5FE,IMPHASH=9E9C9DFD04CDDF2B6F1412BF096AEAF4trueMicrosoft WindowsValid 
734700x8000000000000000150621737Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:19.377{3BF36828-9EAF-61F9-1E0A-02000000CF01}2156C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\rsaenh.dll10.0.14393.2969 (rs1_release.190503-1820)Microsoft Enhanced Cryptographic ProviderMicrosoft® Windows® Operating SystemMicrosoft Corporationrsaenh.dllMD5=B6E99FD898E948657373BB02708C7C00,SHA256=90476029BD7AB0FEC53AAE567AE53BC0B09C7C5C8C7B8F19485BA872B74ED591,IMPHASH=C918D75BDB7774C087BB6C0C9C0A7686trueMicrosoft WindowsValid 734700x8000000000000000150621736Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:19.377{3BF36828-9EAF-61F9-1E0A-02000000CF01}2156C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\cryptsp.dll10.0.14393.2969 (rs1_release.190503-1820)Cryptographic Service Provider APIMicrosoft® Windows® Operating SystemMicrosoft Corporationcryptsp.dllMD5=9500AE4C4B639FEAEED0CC6C39F45149,SHA256=C1055D4B9A854282336A5404CA0FCB1A2EBC3417600035338C9CDFC7B8D0778C,IMPHASH=96CBD1B5C0EA88B677BA3BB5FD009869trueMicrosoft WindowsValid 734700x8000000000000000150621735Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:19.361{3BF36828-9EAF-61F9-1E0A-02000000CF01}2156C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\srvcli.dll10.0.14393.0 (rs1_release.160715-1616)Server Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationSRVCLI.DLLMD5=656F846CAED76C6FC5C76E8BACEF4EF6,SHA256=DFDE27C086764ACC1EA3E6A4E2BA50C2AB532F9E1D99203861F51910A8D850FB,IMPHASH=B15A9E7274075AC5A54930989FAC32E4trueMicrosoft WindowsValid 734700x8000000000000000150621734Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:19.361{3BF36828-9EAF-61F9-1E0A-02000000CF01}2156C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\wkscli.dll10.0.14393.0 (rs1_release.160715-1616)Workstation Service Client DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationWKSCLI.DLLMD5=3DCBAE237E4E1F0EBE8E7DC053F778C4,SHA256=C3331CCBE71CC98A5F1BC013F1C0218FE194CA7B497DDF706BF9025AB5A7B330,IMPHASH=050C8F7AA588BF04847F59B2EFAE366AtrueMicrosoft WindowsValid 734700x8000000000000000150621733Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:19.361{3BF36828-9EAF-61F9-1E0A-02000000CF01}2156C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netutils.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API Helpers DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNETUTILS.DLLMD5=504739A17F3A05531258784275A6F375,SHA256=A931C54C47B454407990241DB12BD209AC219C55F026ADDED427A9E84A409923,IMPHASH=7D1B32891B9173ED71ED6C18DEFEE578trueMicrosoft WindowsValid 734700x8000000000000000150621732Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:19.361{3BF36828-9EAF-61F9-1E0A-02000000CF01}2156C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\netapi32.dll10.0.14393.0 (rs1_release.160715-1616)Net Win32 API DLLMicrosoft® Windows® Operating SystemMicrosoft CorporationNetApi32.DLLMD5=F55166956AEAD05A141BA7E80B90AB7B,SHA256=B9BCF21D7F7E771C388C469B2611E8946166C62005B56D72421060DABFF7093F,IMPHASH=2D83F1DFF12EFB449C1FCD6634700369trueMicrosoft WindowsValid 734700x8000000000000000150621731Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:19.361{3BF36828-9EAF-61F9-1E0A-02000000CF01}2156C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\msvcp140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft 
Corporationmsvcp140.dllMD5=BA72C2F6F465926980ADC2FB7F8B3490,SHA256=86881A7054532019291C162F0A8177980C1C2B45490F7E88543F22915D08D9FF,IMPHASH=ADF99B9EA3A1F76C33522F96772BC4DDtrueMicrosoft CorporationValid 734700x8000000000000000150621730Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:19.361{3BF36828-9EAF-61F9-1E0A-02000000CF01}2156C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\bcrypt.dll10.0.14393.4046 (rs1_release.201028-1803)Windows Cryptographic Primitives LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationbcrypt.dllMD5=51F4F9025E6D236F5BF2C24C09E42C8E,SHA256=AE196933C3E292680C83B09F24CE9E6D498E34ECDD30ACB8C1544EEB4705F285,IMPHASH=7C2E79D83754439DC7DE7882DCB4238DtrueMicrosoft WindowsValid 734700x8000000000000000150621729Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:19.361{3BF36828-9EAF-61F9-1E0A-02000000CF01}2156C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Windows\System32\msvcp_win.dll10.0.14393.2999 (rs1_release_inmarket.190520-1518)Microsoft® C Runtime LibraryMicrosoft® Windows® Operating SystemMicrosoft Corporationmsvcp_win.dllMD5=C50C0CEFA633773AB29572E05834F1FE,SHA256=50178F23AA57B31626614C6C65DA2B6518A64FF684FFA18A0F49C4431DFCBEC5,IMPHASH=5B59892514923CABE9B70CFE22A3F59AtrueMicrosoft WindowsValid 734700x8000000000000000150621728Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:19.361{3BF36828-9EAF-61F9-1E0A-02000000CF01}2156C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exeC:\Program Files\SplunkUniversalForwarder\bin\vcruntime140.dll14.16.27012.6 built by: vcwrkspcMicrosoft® C Runtime LibraryMicrosoft® Visual Studio® 2017Microsoft Corporationvcruntime140.dllMD5=0C583614EB8FFB4C8C2D9E9880220F1D,SHA256=6CADB4FEF773C23B511ACC8B715A084815C6E41DD8C694BC70090A97B3B03FB9,IMPHASH=2CB5DA5225E972A08F32D04B8085DC7EtrueMicrosoft CorporationValid 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000071065897Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:22.629{B81B27B7-9EB2-61F9-B909-02000000CE01}4792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-4B39-61E8-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{B81B27B7-4B3A-61E8-2600-00000000CE01}2172C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000071065896Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:22.144{B81B27B7-9EB1-61F9-B809-02000000CE01}46323860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{B81B27B7-4B3A-61E8-2600-00000000CE01}2172C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program 
Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071065925Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:23.784{B81B27B7-4B3C-61E8-3000-00000000CE01}31083128C:\Windows\system32\conhost.exe{B81B27B7-9EB3-61F9-BB09-02000000CE01}4156C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071065924Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:23.784{B81B27B7-4B39-61E8-0C00-00000000CE01}7363692C:\Windows\system32\svchost.exe{B81B27B7-4B3A-61E8-1F00-00000000CE01}2004C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071065923Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 
20:57:23.784{B81B27B7-4B39-61E8-0C00-00000000CE01}7363692C:\Windows\system32\svchost.exe{B81B27B7-4B3A-61E8-1F00-00000000CE01}2004C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071065922Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:23.784{B81B27B7-4B39-61E8-0C00-00000000CE01}7363692C:\Windows\system32\svchost.exe{B81B27B7-4B3A-61E8-1F00-00000000CE01}2004C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071065921Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 
20:57:23.784{B81B27B7-4B39-61E8-0C00-00000000CE01}7363692C:\Windows\system32\svchost.exe{B81B27B7-4B3A-61E8-1F00-00000000CE01}2004C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071065920Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:23.784{B81B27B7-4B38-61E8-0500-00000000CE01}420436C:\Windows\system32\csrss.exe{B81B27B7-9EB3-61F9-BB09-02000000CE01}4156C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000071065919Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:23.784{B81B27B7-4B3A-61E8-2600-00000000CE01}21723992C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{B81B27B7-9EB3-61F9-BB09-02000000CE01}4156C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program 
Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000071065918Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:23.770{B81B27B7-9EB3-61F9-BB09-02000000CE01}4156C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{B81B27B7-4B39-61E8-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{B81B27B7-4B3A-61E8-2600-00000000CE01}2172C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000071065917Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:23.737{B81B27B7-4B4D-61E8-6F00-00000000CE01}3156NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E13A269B26634DE470E17CFBBBE48B28,SHA256=E8DF42319E6DEE954CE54FDC5A0CEE7A2DE6C17B4E048D17F987C37F0670106B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x8000000000000000150621785Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:23.986{3BF36828-4B5D-61E8-7600-00000000CF01}3900NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=03C08DE62884C3228269759BF2560660,SHA256=BE5629C69FB2CDD9E62B321E70DF77662D3D44E4136753147CB8508E97FBBF4D,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x8000000000000000150621784Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.597{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-128.attackrange.local53domainfalse10.0.1.14win-dc-128.attackrange.local62225- 354300x8000000000000000150621783Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.597{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local63309- 354300x8000000000000000150621782Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.595{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local56572- 354300x8000000000000000150621781Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.594{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-128.attackrange.local53domainfalse10.0.1.14win-dc-128.attackrange.local50062- 354300x8000000000000000150621780Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.593{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT 
AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-128.attackrange.local53domainfalse10.0.1.14win-dc-128.attackrange.local57602- 354300x8000000000000000150621779Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.592{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local58899- 354300x8000000000000000150621778Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.591{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-128.attackrange.local53domainfalse10.0.1.14win-dc-128.attackrange.local62849- 354300x8000000000000000150621777Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.590{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local63783- 354300x8000000000000000150621776Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.588{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local49785- 354300x8000000000000000150621775Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.586{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-128.attackrange.local53domainfalse10.0.1.14win-dc-128.attackrange.local63133- 354300x8000000000000000150621774Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.586{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT 
AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local58029- 354300x8000000000000000150621773Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.585{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-128.attackrange.local53domainfalse10.0.1.14win-dc-128.attackrange.local63277- 354300x8000000000000000150621772Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.582{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local59945- 354300x8000000000000000150621771Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.581{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-128.attackrange.local53domainfalse10.0.1.14win-dc-128.attackrange.local58858- 354300x8000000000000000150621770Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.580{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-128.attackrange.local53domainfalse10.0.1.14win-dc-128.attackrange.local59856- 354300x8000000000000000150621769Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.578{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-128.attackrange.local53domainfalse10.0.1.14win-dc-128.attackrange.local56002- 354300x8000000000000000150621768Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.576{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT 
AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local57823- 354300x8000000000000000150621767Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.576{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local58281- 354300x8000000000000000150621766Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.575{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local56743- 354300x8000000000000000150621765Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.574{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-128.attackrange.local53domainfalse10.0.1.14win-dc-128.attackrange.local53518- 354300x8000000000000000150621764Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.574{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local62618- 354300x8000000000000000150621763Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.574{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local61948- 354300x8000000000000000150621762Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.573{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT 
AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-128.attackrange.local53domainfalse10.0.1.14win-dc-128.attackrange.local50926- 354300x8000000000000000150621761Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.572{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local55931- 354300x8000000000000000150621760Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.571{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-128.attackrange.local53domainfalse10.0.1.14win-dc-128.attackrange.local50333- 354300x8000000000000000150621759Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.569{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-128.attackrange.local53domainfalse10.0.1.14win-dc-128.attackrange.local65535- 354300x8000000000000000150621758Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.569{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local53518- 354300x8000000000000000150621757Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.567{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-128.attackrange.local53domainfalse10.0.1.14win-dc-128.attackrange.local56245- 354300x8000000000000000150621756Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.567{3BF36828-4B37-61E8-0B00-00000000CF01}632C:\Windows\System32\lsass.exeNT 
AUTHORITY\SYSTEMudptruefalse10.0.1.14win-dc-128.attackrange.local56245-false10.0.1.14win-dc-128.attackrange.local53domain 354300x8000000000000000150621755Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.567{3BF36828-4B49-61E8-2E00-00000000CF01}2160C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local64492- 354300x8000000000000000150621754Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.566{3BF36828-4B37-61E8-0B00-00000000CF01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMudptruetrue0:0:0:0:0:0:0:1win-dc-128.attackrange.local64492-true0:0:0:0:0:0:0:1win-dc-128.attackrange.local53domain 354300x8000000000000000150621753Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.554{3BF36828-4B37-61E8-0B00-00000000CF01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local52409-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local49666- 354300x8000000000000000150621752Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.554{3BF36828-4B37-61E8-0B00-00000000CF01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local52409-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local49666- 354300x8000000000000000150621751Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:06.553{3BF36828-4B39-61E8-0D00-00000000CF01}900C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local52408-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local135epmap 354300x8000000000000000150621750Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 
20:57:06.553{3BF36828-4B37-61E8-0B00-00000000CF01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local52408-truefe80:0:0:0:b574:557a:2d92:ce61win-dc-128.attackrange.local135epmap 23542300x8000000000000000150621749Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:23.627{3BF36828-4B5D-61E8-7600-00000000CF01}3900NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB3DFAB16D1D895FEFE9BC9EB2F942AB,SHA256=B119D65BE6B399F0F1E33B5A3D83433D0FF5959AD5C54627E8B8664649E942FE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 10341000x800000000000000071065916Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:23.159{B81B27B7-4B3C-61E8-3000-00000000CE01}31083128C:\Windows\system32\conhost.exe{B81B27B7-9EB3-61F9-BA09-02000000CE01}2572C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071065915Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 
20:57:23.159{B81B27B7-4B39-61E8-0C00-00000000CE01}7363692C:\Windows\system32\svchost.exe{B81B27B7-4B3A-61E8-1F00-00000000CE01}2004C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071065914Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:23.159{B81B27B7-4B39-61E8-0C00-00000000CE01}7363692C:\Windows\system32\svchost.exe{B81B27B7-4B3A-61E8-1F00-00000000CE01}2004C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000071065913Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 
23542300x8000000000000000150621829Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:45.186{3BF36828-4B5D-61E8-7600-00000000CF01}3900NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6BBBD92750BFBBF74EC818B90E976AB9,SHA256=041F103D2DB29149C6DED7D6C449812246A65134F03126F4F2B736C4543BC26A,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000071065952Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:38.550{B81B27B7-4B3A-61E8-2600-00000000CE01}2172C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local52554-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8089- 23542300x800000000000000071065954Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:46.988{B81B27B7-4B4D-61E8-6F00-00000000CE01}3156NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=550CE1A738B377172EB458FC6CFB3954,SHA256=79191CF4203C2A8EB6FE1730BBB7A9857536D7392F61C7551D7DDF267289627B,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000150621830Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:46.201{3BF36828-4B5D-61E8-7600-00000000CF01}3900NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F529A717B7E7E4B0F46203B96A01CF78,SHA256=BDEAF342A54FB7BA4BD0617D731B1B55DE54117AA01150B5573F8F0ADE700740,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk 
space 354300x8000000000000000150621834Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:29.734{3BF36828-4B56-61E8-6D00-00000000CF01}4044C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-128.attackrange.local52415-false10.0.1.12-8000- 23542300x8000000000000000150621833Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:47.232{3BF36828-4B5D-61E8-7600-00000000CF01}3900NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1FF73FBCA2FADB189FD3079415DA4314,SHA256=5DD4016F1C539A535A2CBC4A63280086A271888DD0592D49D2D322D421DDF9DE,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000150621832Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:47.107{3BF36828-4B5D-61E8-7600-00000000CF01}3900NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1A31A05DEFCCB720AD30AF8304F46C6B,SHA256=2D1F107A5B1031770847E71C9D26066F50C8E8654789A2B507D8F0D90000AFC8,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000150621831Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:47.107{3BF36828-4B5D-61E8-7600-00000000CF01}3900NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F8A2251F8D5D25B403CF98E34F3756EB,SHA256=43F9562A9071B80F8103B8C0864E029B6CD05BA501D4956093E5FF614AD647CD,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 
23542300x8000000000000000150621835Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:48.264{3BF36828-4B5D-61E8-7600-00000000CF01}3900NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B7C412DD947ADDA49E392ABC57CF4C83,SHA256=00D42955CC01E844E613202B0FF838F8992FB5D8E688F4FEE967E8D08B3A6D08,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 354300x800000000000000071065956Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:40.847{B81B27B7-4B45-61E8-6600-00000000CE01}4020C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-987.attackrange.local52555-false10.0.1.12ip-10-0-1-12.us-west-2.compute.internal8000- 23542300x800000000000000071065955Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local-2022-02-01 20:57:48.003{B81B27B7-4B4D-61E8-6F00-00000000CE01}3156NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D0021A9CB1250716645320EDB9B274A,SHA256=7063273FB4B42C91412F1E07C3FE12FD6F6F5EB63E04A71C2E8C645EFD07B418,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x8000000000000000150621836Microsoft-Windows-Sysmon/Operationalwin-dc-128.attackrange.local-2022-02-01 20:57:49.264{3BF36828-4B5D-61E8-7600-00000000CF01}3900NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program 
Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F64123A5D4CD0F1E093E35B8250B5A71,SHA256=EA39CE8C670BD3FF7AC6F309676D8A5EE76134ABD987F4385488BCA8A5BF9A10,IMPHASH=00000000000000000000000000000000falsefalse - insufficient disk space 23542300x800000000000000071065957Microsoft-Windows-Sysmon/Operationalwin-host-987.attackrange.local