4688201331200x8020000000000000747843Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xe54c:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-regmon1.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747842Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x1124c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-powershell2.exe" --ps2NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747841Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x10f0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-powershells.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747840Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x94c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmonc.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747839Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x1320c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandlez.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747834Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x1090c:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-regmons.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747833Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x12a8c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-powershelzl.exe" --ps2NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747832Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x133cc:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandlce.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747831Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x468c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-powersxhell.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747830Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xee4c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmzon.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747822Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x12b8c:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-regmcon.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747821Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xe20c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-powersahell.exe" --ps2NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747820Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x13c0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNaoHandle.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747819Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xff4c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmzon.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747818Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xdf8c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splcunk\taskhost.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747807Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x13b4c:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splzunk-regmon.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747806Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x3c0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splcunk\taskhost.exe" --ps2NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747805Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xb4cc:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splxunk\taskhost.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747804Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x120cc:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-neztmon.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747803Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x10acc:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunak-MonitorNoHandle.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747801Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x1274c:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-regxmon.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747800Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x1248c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splusnk\taskhost.exe" --ps2NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747799Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x1224c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splaunk-MonitorNoHandle.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747798Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xdccc:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-pozwershell.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747797Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xd50c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netamon.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747792Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x1048c:\Windows\Temp\System32\wbem\taskhost.exe%%19360x9f4wxmic OS get Version /format:listNULL SID--0x0c:\Windows\Temp\Amazon\SSM\ssm-agent-worker.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747791Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x10e4c:\Windows\Temp\System32\wbem\taskhost.exe%%19360x9f4wmxic OS get Caption /format:listNULL SID--0x0c:\Windows\Temp\Amazon\SSM\ssm-agent-worker.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747790Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x12acc:\Windows\Temp\System32\wbem\taskhost.exe%%19360x9f4c:\Wiandows\Temp\System32\wbem\taskhost.exe computersystem get Domain /valueNULL SID--0x0c:\Windows\Temp\Amazon\SSM\ssm-agent-worker.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747785Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x8d4c:\Windows\Temp\System32\wbem\WmiPrvSE.exe%%19360x2c4c:\Windows\Temp\system32\wbem\wmiprvse.exe -secured -EmbeddingNULL SIDAR-WIN-2$ATTACKRANGE0x3e4c:\Windows\Temp\System32\svchost.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747784Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x214c:\Windows\Temp\System32\wbem\taskhost.exe%%19360x9f4c:\Windows\Temp\System32\wbem\wmsic.exe computersystem get DNSHostName /valueNULL SID--0x0c:\Windows\Temp\Amazon\SSM\ssm-agent-worker.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747771Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x12a0c:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarsder\bin\taskhostex.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747770Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x834c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUniversalFodrwarder\bin\splunk\taskhost.exe" --ps2NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747769Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xf58c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747768Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x920c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x754"c:\Windows\Temp\SplunkUnsiversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747767Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xf60c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747762Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x308c:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe%%19360x754"c:\Windows\Temp\SplunkUnivfersalForwarder\bin\taskhostex.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747761Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x1098c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkzUniversalForwarder\bin\splunk\taskhost.exe" --ps2NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747760Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x10ccc:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUnfiversalForwarder\bin\splunk\taskhost.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747759Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x12c8c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x754"c:\Windows\Temp\SplunkUnizversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747758Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x13a8c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x754"c:\Windows\Temp\SplunkdUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747749Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xdd0c:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwardear\bin\taskhostex.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747748Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xfecc:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUniversalFaorwarder\bin\splunk\taskhost.exe" --ps2NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747747Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x12a4c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x754"c:\Windows\Temp\SplunkUnifversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747746Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xec0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForxwarder\bin\splunk\taskhost.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747745Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xe90c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarzder\bin\splunk-netmon.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814569Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x218c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x10f8"c:\Windows\Temp\SplunkUnixfversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814568Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x11ccc:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x10f8"c:\Windows\Temp\SplunkUniversalForswarder\bin\splunk-netmon.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747743Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x1028c:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747742Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xd40c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe" --ps2NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747741Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x84cc:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747740Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x910c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814567Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x10d0c:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe%%19360x10f8"c:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747739Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x1384c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814566Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70xc7cc:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x10f8"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe" --ps2NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814565Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x4dcc:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x10f8"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814564Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x11f8c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x10f8"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814563Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x10b0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x10f8"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747728Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xb30c:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747727Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xcb4c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe" --ps2NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747726Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xdacc:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814562Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70xe70c:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe%%19360x10f8"c:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747725Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x1358c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747724Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x1278c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814561Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x8c0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x10f8"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe" --ps2NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814560Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70xe64c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x10f8"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814559Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x844c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x10f8"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814558Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x788c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x10f8"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747721Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x1178c:\Windows\Temp\System32\wbem\taskhost.exe%%19360x9f4wmic OS get Version /format:listNULL SID--0x0c:\Windows\Temp\Amazon\SSM\ssm-agent-worker.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747720Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xf70c:\Windows\Temp\System32\wbem\taskhost.exe%%19360x9f4wmic OS get Caption /format:listNULL SID--0x0c:\Windows\Temp\Amazon\SSM\ssm-agent-worker.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747719Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x12ccc:\Windows\Temp\System32\wbem\taskhost.exe%%19360x9f4c:\Windows\Temp\System32\wbem\taskhost.exe computersystem get Domain /valueNULL SID--0x0c:\Windows\Temp\Amazon\SSM\ssm-agent-worker.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747718Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x1158c:\Windows\Temp\System32\wbem\WmiPrvSE.exe%%19360x2c4c:\Windows\Temp\system32\wbem\wmiprvse.exe -secured -EmbeddingNULL SIDAR-WIN-2$ATTACKRANGE0x3e4c:\Windows\Temp\System32\svchost.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747717Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x1398c:\Windows\Temp\System32\wbem\taskhost.exe%%19360x9f4c:\Windows\Temp\System32\wbem\taskhost.exe computersystem get DNSHostName /valueNULL SID--0x0c:\Windows\Temp\Amazon\SSM\ssm-agent-worker.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747700Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x1120c:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747699Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x11c0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe" --ps2NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747698Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xde0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814557Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70xcccc:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe%%19360x10f8"c:\Windows\Temp\SplunkUniversdsalForwarder\bin\taskhostex.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747697Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x1050c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUnivedrsalForwarder\bin\splunk\taskhost.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747696Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xfecc:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x754"c:\Windows\Temp\SplunkUniversalFaorwarder\bin\splunk-netmon.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814556Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x1110c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x10f8"c:\Windows\Temp\SplunkUdniversalForwarder\bin\splunk\taskhost.exe" --ps2NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814555Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x1124c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x10f8"c:\Windows\Temp\SplunkUnfiversalForwarder\bin\splunk\taskhost.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814554Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70xe54c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x10f8"c:\Windows\Temp\SplsunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814553Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x10e4c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x10f8"c:\Windows\Temp\SplsunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814552Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x7c8c:\Windows\Temp\System32\wbem\taskhost.exe%%19360x804wmic OS get Version /format:listNULL SID--0x0c:\Windows\Temp\Amazon\SSM\ssm-agent-worker.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814551Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x418c:\Windows\Temp\System32\wbem\taskhost.exe%%19360x804wmic OS get Caption /format:lisstNULL SID--0x0c:\Windows\Temp\Amazon\SSM\ssm-agent-worker.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814550Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70xcc8c:\Windows\Temp\System32\wbem\taskhost.exe%%19360x804c:\Windows\Temp\System32\wbem\ataskhost.exe computersystem get Domain /valueNULL SID--0x0c:\Windows\Temp\Amazon\SSM\ssm-agent-worker.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814549Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x11acc:\Windows\Temp\System32\wbem\WmiPrvSE.exe%%19360x318c:\Windows\Temp\system3s2\wbem\wmiprvse.exe -secured -EmbeddingNULL SIDAR-WIN-DC$ATTACKRANGE0x3e4c:\Windows\Temp\System32\svchost.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814548Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x13ccc:\Windows\Temp\System32\wbem\taskhost.exe%%19360x804c:\Windows\Temp\System32\wbefm\taskhost.exe computersystem get DNSHostName /valueNULL SID--0x0c:\Windows\Temp\Amazon\SSM\ssm-agent-worker.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747688Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x10bcc:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe%%19360x754"c:\Windows\Temsp\SplunkUniversalForwarder\bin\taskhostex.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747687Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xca0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe" --ps2NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747686Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x468c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x754"c:\Winxdows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747685Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x10e0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x754"c:\Windows\Tempx\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747684Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xce4c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temsp\SplunkUniversalForwarder\bin\splunk\taskhost.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814547Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x738c:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe%%19360x10f8"c:\Windows\Temp\SpslunkUniversalForwarder\bin\taskhostex.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814546Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70xec0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x10f8"c:\Windows\Temp\SplunakUniversalForwarder\bin\splunk\taskhost.exe" --ps2NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814545Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70xdc4c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x10f8"c:\Windows\Temp\SplunkdUniversalForwarder\bin\splunk\taskhost.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814544Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x1e0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x10f8"c:\Windows\Temp\SpludnkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814543Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70xd8cc:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x10f8"c:\Windows\Temp\SplunkUniversaalForwarder\bin\splunk-netmon.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747677Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xf40c:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwsarder\bin\taskhostex.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747676Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x10a4c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUniversalaForwarder\bin\splunk\taskhost.exe" --ps2NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747675Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xb0cc:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUniversalFosrwarder\bin\splunk\taskhost.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747674Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x40cc:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747673Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xfdcc:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814542Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x25cc:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe%%19360x10f8"c:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814541Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70xd3cc:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x10f8"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe" --ps2NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814540Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x10b0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x10f8"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814539Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x8c0c:\Windows\Temp\System32\taskhostw.exe%%19360x3dctaskhostw.exe SYSTEMNULL SID--0x0c:\Windows\Temp\System32\svchost.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814455Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70xcc8c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x10f8"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814453Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x2f8c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x10f8"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747666Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x1398c:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747665Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70xe04c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe" --ps2NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747664Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x10b0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814413Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x1190c:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe%%19360x10f8"c:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747663Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x1330c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUniversalFoarwarder\bin\splunk\taskhost.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747662Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x12f0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814412Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70xd8cc:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x10f8"c:\Windows\Temp\SplunkUnivergdsalForwarder\bin\splunk\taskhost.exe" --ps2NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814411Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x13b0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x10f8"c:\Windows\Temp\SplunkUndiversalForwarder\bin\splunk\taskhost.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814410Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70xaa8c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x10f8"c:\Windows\Temp\SplunkUnivearsalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814409Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x1014c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x10f8"c:\Windows\Temp\SplunkUniversalForwadrder\bin\splunk-netmon.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747652Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x74cc:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForawarder\bin\taskhostex.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747651Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x10e8c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUniversalFodrwarder\bin\splunk\taskhost.exe" --ps2NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747650Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x1128c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x754"c:\Windows\Temp\SplunkUnivergsalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747649Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x8e4c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x754"c:\Windows\Temp\SplunkUniversalForwardder\bin\splunk-netmon.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747648Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x12d8c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x754"c:\Windows\Temp\SplunkUniversalFoarwarder\bin\splunk\taskhost.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814311Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70xe50c:\Windows\Temp\SplunkUniversalForwarder\bin\taskhostex.exe%%19360x10f8"c:\Windows\Temp\SplunkUniversalForwarader\bin\taskhostex.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814293Securityar-win-dc.attackrange.localATTACKRANGE\AdministratorAdministratorATTACKRANGE0x34a3a270x698c:\Windows\Temp\System32\mmc.exe%%19360x140"c:\Windows\Temp\system32\mmc.exe" "c:\Windows\Temp\Sysdtem32\gpme.msc" /s /gpobject:"LDAP://ar-win-dc.attackrange.local/cn={31B2F340-016D-11D2-945F-00C04FB984F9},cn=policies,cn=system,DC=attackrange,DC=local"NULL SID--0x0c:\Windows\Temp\System32\mmc.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000001814292Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70xd60c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x10f8"c:\Windows\Temp\SplunkUniversalForwfarder\bin\splunk\taskhost.exe" --ps2NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814291Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x418c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk\taskhost.exe%%19360x10f8"c:\Windows\Temp\SplunkUniversalForwsarder\bin\splunk\taskhost.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814285Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x1330c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe%%19360x10f8"c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814284Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x8c4c:\Windows\Temp\SplunkUniversalForwarder\bin\splunk-netmon.exe%%19360x10f8"c:\Windows\Temp\SplunkUniversalFofrwarder\bin\splunk-netmon.exe"NULL SID--0x0c:\Windows\Temp\SplunkUniversalForwarder\bin\splunkd.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747642Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x10bcc:\Windows\Temp\System32\wbem\taskhost.exe%%19360x9f4wmic OS get Version /format:listNULL SID--0x0c:\Windows\Temp\Amazon\SSM\ssm-agent-worker.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747641Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x1114c:\Windows\Temp\System32\wbem\taskhost.exe%%19360x9f4wmic OS get Caption /format:listNULL SID--0x0c:\Windows\Temp\Amazon\SSM\ssm-agent-worker.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747640Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x102cc:\Windows\Temp\System32\wbem\taskhost.exe%%19360x9f4c:\Windows\Temp\System32\wbem\taskhost.exe computersystem get Domain /valueNULL SID--0x0c:\Windows\Temp\Amazon\SSM\ssm-agent-worker.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747639Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x1194c:\Windows\Temp\System32\wbem\WmiPrvSE.exe%%19360x2c4c:\Windows\Temp\system32\wbem\wmiprvsse.exe -secured -EmbeddingNULL SIDAR-WIN-2$ATTACKRANGE0x3e4c:\Windows\Temp\System32\svchost.exeMandatory Label\System Mandatory Level 4688201331200x8020000000000000747638Securityar-win-2.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-2$ATTACKRANGE0x3e70x23cc:\Windows\Temp\System32\wbem\taskhost.exe%%19360x9f4c:\Windows\Temp\System32\wbem\taskhofst.exe computersystem get DNSHostName /valueNULL SID--0x0c:\Windows\Temp\Amazon\SSM\ssm-agent-worker.exeMandatory Label\System Mandatory Level 4688201331200x80200000000000001814235Securityar-win-dc.attackrange.localNT AUTHORITY\SYSTEMAR-WIN-DC$ATTACKRANGE0x3e70x1174c:\Windows\Temp\System32\dllhost.exe%%19360x318c:\Windows\Temp\system32\DllHofst.exe /Processid:{7F9BBC82-BA5F-4448-8622-EF76B8D007E6}NULL SIDAdministratorATTACKRANGE0x34a3a27c:\Windows\Temp\System32\svchost.exeMandatory Label\High Mandatory Level 4688201331200x80200000000000001814229Securityar-win-dc.attackrange.localATTACKRANGE\AdministratorAdministratorATTACKRANGE0x34a3a270x140c:\Windows\Temp\System32\mmc.exe%%19360x7bc"c:\Windows\Temp\systsem32\mmc.exe" c:\Windows\Temp\system32\gpmc.mscNULL SID--0x0c:\Windows\Temp\explorer.exeMandatory Label\High Mandatory Level