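EventID: 1
Version: 5
Level: 4
Task: 1
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 244596
Channel: Microsoft-Windows-Sysmon/Operational
Computer: ar-win-1
RuleName: -
UtcTime: 2025-10-21 17:20:40.331
ProcessGuid: {5ab40fd1-c0e8-68f7-8307-000000003b02}
ProcessId: 5352
Image: C:\Windows\System32\calc.exe
FileVersion: 10.0.20348.1 (WinBuild.160101.0800)
Description: Windows Calculator
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: CALC.EXE
CommandLine: "C:\Windows\system32\calc.exe"
CurrentDirectory: C:\Program Files\Cisco\AMP\8.4.5.30483\
User: AR-WIN-1\Administrator
LogonGuid: {5ab40fd1-8d74-68f7-e44b-100000000000}
LogonId: 0x104be4
TerminalSessionId: 2
IntegrityLevel: High
Hashes: MD5=1FD4DD58C75D6F2EDCDB337EE686231E,SHA256=4208893C871D2499F184E3F0F2554DA89F451FA9E98D95FC9516C5AE8F2B3BBD,IMPHASH=8EEAA9499666119D13B3F44ECD77A729
ParentProcessGuid: {5ab40fd1-c0e7-68f7-8207-000000003b02}
ParentProcessId: 1768
ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
ParentCommandLine: powershell -noprofile -ExecutionPolicy Bypass -File \\tsclient\C\Users\Public\test.ps1
ParentUser: AR-WIN-1\Administrator

EventID: 1
Version: 5
Level: 4
Task: 1
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 244594
Channel: Microsoft-Windows-Sysmon/Operational
Computer: ar-win-1
RuleName: -
UtcTime: 2025-10-21 17:20:39.576
ProcessGuid: {5ab40fd1-c0e7-68f7-8207-000000003b02}
ProcessId: 1768
Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
FileVersion: 10.0.20348.2849 (WinBuild.160101.0800)
Description: Windows PowerShell
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: PowerShell.EXE
CommandLine: powershell -noprofile -ExecutionPolicy Bypass -File \\tsclient\C\Users\Public\test.ps1
CurrentDirectory: C:\Program Files\Cisco\AMP\8.4.5.30483\
User: AR-WIN-1\Administrator
LogonGuid: {5ab40fd1-8d74-68f7-e44b-100000000000}
LogonId: 0x104be4
TerminalSessionId: 2
IntegrityLevel: High
Hashes: MD5=DD6F4B7818A253887B8EA86515F6FB7D,SHA256=38F4384643B3FA0DE714D2367B712C2E0FA1C89E2CFD131AE6B831AD962B1033,IMPHASH=AFACF6DC9041114B198160AAB4D0AE77
ParentProcessGuid: {5ab40fd1-8deb-68f7-7e01-000000003b02}
ParentProcessId: 476
ParentImage: C:\Windows\System32\cmd.exe
ParentCommandLine: "C:\Windows\system32\cmd.exe"
ParentUser: AR-WIN-1\Administrator

EventID: 1
Version: 5
Level: 4
Task: 1
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 244585
Channel: Microsoft-Windows-Sysmon/Operational
Computer: ar-win-1
RuleName: -
UtcTime: 2025-10-21 17:19:36.207
ProcessGuid: {5ab40fd1-c0a8-68f7-7b07-000000003b02}
ProcessId: 2456
Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
FileVersion: 10.0.20348.2849 (WinBuild.160101.0800)
Description: Windows PowerShell
Product: Microsoft® Windows® Operating System
Company: Microsoft Corporation
OriginalFileName: PowerShell.EXE
CommandLine: powershell -noprofile -ExecutionPolicy Bypass -File \\tsclient\C\Users\Public\notepad.exe
CurrentDirectory: C:\Program Files\Cisco\AMP\8.4.5.30483\
User: AR-WIN-1\Administrator
LogonGuid: {5ab40fd1-8d74-68f7-e44b-100000000000}
LogonId: 0x104be4
TerminalSessionId: 2
IntegrityLevel: High
Hashes: MD5=DD6F4B7818A253887B8EA86515F6FB7D,SHA256=38F4384643B3FA0DE714D2367B712C2E0FA1C89E2CFD131AE6B831AD962B1033,IMPHASH=AFACF6DC9041114B198160AAB4D0AE77
ParentProcessGuid: {5ab40fd1-8deb-68f7-7e01-000000003b02}
ParentProcessId: 476
ParentImage: C:\Windows\System32\cmd.exe
ParentCommandLine: "C:\Windows\system32\cmd.exe"
ParentUser: AR-WIN-1\Administrator

EventID: 13
Version: 2
Level: 4
Task: 13
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 244584
Channel: Microsoft-Windows-Sysmon/Operational
Computer: ar-win-1
RuleName: InvDB
EventType: SetValue
UtcTime: 2025-10-21 17:18:58.718
ProcessGuid: {5ab40fd1-8c54-68f7-e900-000000003b02}
ProcessId: 5212
Image: C:\Windows\system32\svchost.exe
TargetObject: HKU\S-1-5-21-1087941857-1673917154-741806574-500\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\\tsclient\C\Users\Public\notepad.exe
Details: Binary Data
User: NT AUTHORITY\SYSTEM

EventID: 5
Version: 3
Level: 4
Task: 5
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 244582
Channel: Microsoft-Windows-Sysmon/Operational
Computer: ar-win-1
RuleName: -
UtcTime: 2025-10-21 17:18:56.717
ProcessGuid: {5ab40fd1-c078-68f7-7407-000000003b02}
ProcessId: 6504
Image: \\tsclient\C\Users\Public\notepad.exe
User: AR-WIN-1\Administrator

EventID: 13
Version: 2
Level: 4
Task: 13
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 244576
Channel: Microsoft-Windows-Sysmon/Operational
Computer: ar-win-1
RuleName: InvDB
EventType: SetValue
UtcTime: 2025-10-21 17:18:50.868
ProcessGuid: {5ab40fd1-8c54-68f7-e900-000000003b02}
ProcessId: 5212
Image: C:\Windows\system32\svchost.exe
TargetObject: HKU\S-1-5-21-1087941857-1673917154-741806574-500\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\\tsclient\C\Users\Public\notepad.exe
Details: Binary Data
User: NT AUTHORITY\SYSTEM

EventID: 1
Version: 5
Level: 4
Task: 1
Opcode: 0
Keywords: 0x8000000000000000
EventRecordID: 244575
Channel: Microsoft-Windows-Sysmon/Operational
Computer: ar-win-1
RuleName: -
UtcTime: 2025-10-21 17:18:48.624
ProcessGuid: {5ab40fd1-c078-68f7-7407-000000003b02}
ProcessId: 6504
Image: \\tsclient\C\Users\Public\notepad.exe
FileVersion: -
Description: -
Product: -
Company: -
OriginalFileName: -
CommandLine: "\\tsclient\C\Users\Public\notepad.exe"
CurrentDirectory: \\tsclient\C\Users\Public\
User: AR-WIN-1\Administrator
LogonGuid: {5ab40fd1-8d74-68f7-e44b-100000000000}
LogonId: 0x104be4
TerminalSessionId: 2
IntegrityLevel: High
Hashes: MD5=2191206584DDBC8E50AA7EEAB6E18B2D,SHA256=0F7B961E44A8DDE66229619519B3DEDE0EE4A7C413C39DFD9BDB4F0D3FF2B15E,IMPHASH=0E6BCCF88F4251909D1746DBA78CBA57
ParentProcessGuid: {5ab40fd1-8d76-68f7-3101-000000003b02}
ParentProcessId: 2164
ParentImage: C:\Windows\explorer.exe
ParentCommandLine: C:\Windows\Explorer.EXE
ParentUser: AR-WIN-1\Administrator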