04/28/2022 06:34:08 PM LogName=System EventCode=7045 EventType=4 ComputerName=win-dc-mhaag-attack-range-270.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2059343465-2300599999-2417073716-500 SidType=0 SourceName=Microsoft-Windows-Service Control Manager Type=Information RecordNumber=120296 Keywords=Classic TaskCategory=None OpCode=The operation completed successfully. Message=A service was installed in the system. Service Name: combo12 Service File Name: C:\ProgramData\combo12.sys Service Type: kernel mode driver Service Start Type: auto start Service Account:

04/28/2022 06:32:57 PM LogName=System EventCode=7045 EventType=4 ComputerName=win-dc-mhaag-attack-range-270.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2059343465-2300599999-2417073716-500 SidType=0 SourceName=Microsoft-Windows-Service Control Manager Type=Information RecordNumber=120294 Keywords=Classic TaskCategory=None OpCode=The operation completed successfully. Message=A service was installed in the system. Service Name: Atomi3222 Service File Name: C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\combo2.sys Service Type: kernel mode driver Service Start Type: auto start Service Account:

04/28/2022 06:32:16 PM LogName=System EventCode=7045 EventType=4 ComputerName=win-dc-mhaag-attack-range-270.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2059343465-2300599999-2417073716-500 SidType=0 SourceName=Microsoft-Windows-Service Control Manager Type=Information RecordNumber=120292 Keywords=Classic TaskCategory=None OpCode=The operation completed successfully. Message=A service was installed in the system. Service Name: Atomi322 Service File Name: C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\combo.sys Service Type: kernel mode driver Service Start Type: auto start Service Account:

04/28/2022 06:29:52 PM LogName=System EventCode=7045 EventType=4 ComputerName=win-dc-mhaag-attack-range-270.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2059343465-2300599999-2417073716-500 SidType=0 SourceName=Microsoft-Windows-Service Control Manager Type=Information RecordNumber=120288 Keywords=Classic TaskCategory=None OpCode=The operation completed successfully. Message=A service was installed in the system. Service Name: combo Team Driver Service File Name: C:\Users\Administrator\Desktop\artifact\_DriverInstallationPackage\builder\package 2\combo.sys Service Type: kernel mode driver Service Start Type: auto start Service Account:

04/28/2022 06:27:38 PM LogName=System EventCode=7045 EventType=4 ComputerName=win-dc-mhaag-attack-range-270.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2059343465-2300599999-2417073716-500 SidType=0 SourceName=Microsoft-Windows-Service Control Manager Type=Information RecordNumber=120285 Keywords=Classic TaskCategory=None OpCode=The operation completed successfully. Message=A service was installed in the system. Service Name: Atomic Red Team Driver Service File Name: C:\Windows\System32\drivers\combroker.sys Service Type: kernel mode driver Service Start Type: auto start Service Account:

04/28/2022 06:08:14 PM LogName=System EventCode=7045 EventType=4 ComputerName=win-dc-mhaag-attack-range-270.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2059343465-2300599999-2417073716-500 SidType=0 SourceName=Microsoft-Windows-Service Control Manager Type=Information RecordNumber=120076 Keywords=Classic TaskCategory=None OpCode=The operation completed successfully. Message=A service was installed in the system. Service Name: SysmonDrv Service File Name: C:\Windows\SysmonDrv.sys Service Type: kernel mode driver Service Start Type: boot start Service Account:

04/27/2022 02:18:35 PM LogName=System EventCode=7045 EventType=4 ComputerName=win-host-mhaag-attack-range-803 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 SourceName=Microsoft-Windows-Service Control Manager Type=Information RecordNumber=119889 Keywords=Classic TaskCategory=None OpCode=The operation completed successfully. Message=A service was installed in the system. Service Name: Npcap Packet Driver (NPCAP) Service File Name: \SystemRoot\system32\DRIVERS\npcap.sys Service Type: kernel mode driver Service Start Type: demand start Service Account:

04/27/2022 02:15:32 PM LogName=System EventCode=7045 EventType=4 ComputerName=win-host-mhaag-attack-range-803 User=NOT_TRANSLATED Sid=S-1-5-21-2480955239-1397298024-3982718667-500 SidType=0 SourceName=Microsoft-Windows-Service Control Manager Type=Information RecordNumber=119740 Keywords=Classic TaskCategory=None OpCode=The operation completed successfully. Message=A service was installed in the system. Service Name: SysmonDrv Service File Name: C:\Windows\SysmonDrv.sys Service Type: kernel mode driver Service Start Type: boot start Service Account:

04/27/2022 02:13:39 PM LogName=System EventCode=7045 EventType=4 ComputerName=win-host-mhaag-attack-range-803 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 SourceName=Microsoft-Windows-Service Control Manager Type=Information RecordNumber=119719 Keywords=Classic TaskCategory=None OpCode=The operation completed successfully. Message=A service was installed in the system. Service Name: SplunkMonitorNoHandle Service File Name: system32\DRIVERS\SplunkMonitorNoHandleDrv.sys Service Type: kernel mode driver Service Start Type: demand start Service Account:

04/27/2022 02:13:39 PM LogName=System EventCode=7045 EventType=4 ComputerName=win-host-mhaag-attack-range-803 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 SourceName=Microsoft-Windows-Service Control Manager Type=Information RecordNumber=119718 Keywords=Classic TaskCategory=None OpCode=The operation completed successfully. Message=A service was installed in the system. Service Name: splknetdrv Service File Name: \SystemRoot\system32\DRIVERS\splknetdrv.sys Service Type: kernel mode driver Service Start Type: demand start Service Account:

04/27/2022 02:13:39 PM LogName=System EventCode=7045 EventType=4 ComputerName=win-host-mhaag-attack-range-803 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 SourceName=Microsoft-Windows-Service Control Manager Type=Information RecordNumber=119717 Keywords=Classic TaskCategory=None OpCode=The operation completed successfully. Message=A service was installed in the system. Service Name: Splunk Trace Kernel Mode Driver Service File Name: \SystemRoot\system32\DRIVERS\splunkdrv.sys Service Type: kernel mode driver Service Start Type: demand start Service Account:

04/27/2022 01:59:03 PM LogName=System EventCode=7045 EventType=4 ComputerName=win-dc-mhaag-attack-range-270.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 SourceName=Microsoft-Windows-Service Control Manager Type=Information RecordNumber=119907 Keywords=Classic TaskCategory=None OpCode=The operation completed successfully. Message=A service was installed in the system. Service Name: Npcap Packet Driver (NPCAP) Service File Name: \SystemRoot\system32\DRIVERS\npcap.sys Service Type: kernel mode driver Service Start Type: demand start Service Account:

04/27/2022 01:53:50 PM LogName=System EventCode=7045 EventType=4 ComputerName=win-dc-mhaag-attack-range-270.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-2059343465-2300599999-2417073716-500 SidType=0 SourceName=Microsoft-Windows-Service Control Manager Type=Information RecordNumber=119723 Keywords=Classic TaskCategory=None OpCode=The operation completed successfully. Message=A service was installed in the system. Service Name: SysmonDrv Service File Name: C:\Windows\SysmonDrv.sys Service Type: kernel mode driver Service Start Type: boot start Service Account:

04/27/2022 01:51:48 PM LogName=System EventCode=7045 EventType=4 ComputerName=win-dc-mhaag-attack-range-270.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 SourceName=Microsoft-Windows-Service Control Manager Type=Information RecordNumber=119698 Keywords=Classic TaskCategory=None OpCode=The operation completed successfully. Message=A service was installed in the system. Service Name: SplunkMonitorNoHandle Service File Name: system32\DRIVERS\SplunkMonitorNoHandleDrv.sys Service Type: kernel mode driver Service Start Type: demand start Service Account:

04/27/2022 01:51:48 PM LogName=System EventCode=7045 EventType=4 ComputerName=win-dc-mhaag-attack-range-270.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 SourceName=Microsoft-Windows-Service Control Manager Type=Information RecordNumber=119697 Keywords=Classic TaskCategory=None OpCode=The operation completed successfully. Message=A service was installed in the system. Service Name: splknetdrv Service File Name: \SystemRoot\system32\DRIVERS\splknetdrv.sys Service Type: kernel mode driver Service Start Type: demand start Service Account:

04/27/2022 01:51:48 PM LogName=System EventCode=7045 EventType=4 ComputerName=win-dc-mhaag-attack-range-270.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 SourceName=Microsoft-Windows-Service Control Manager Type=Information RecordNumber=119696 Keywords=Classic TaskCategory=None OpCode=The operation completed successfully. Message=A service was installed in the system. Service Name: Splunk Trace Kernel Mode Driver Service File Name: \SystemRoot\system32\DRIVERS\splunkdrv.sys Service Type: kernel mode driver Service Start Type: demand start Service Account:

04/27/2022 01:49:22 PM LogName=System EventCode=7045 EventType=4 ComputerName=win-dc-mhaag-attack-range-270 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 SourceName=Microsoft-Windows-Service Control Manager Type=Information RecordNumber=119484 Keywords=Classic TaskCategory=None OpCode=The operation completed successfully. Message=A service was installed in the system. Service Name: DFS Namespace Server Filter Driver Service File Name: system32\drivers\dfs.sys Service Type: kernel mode driver Service Start Type: system start Service Account:

04/27/2022 01:49:22 PM LogName=System EventCode=7045 EventType=4 ComputerName=win-dc-mhaag-attack-range-270 User=NOT_TRANSLATED Sid=S-1-5-18 SidType=0 SourceName=Microsoft-Windows-Service Control Manager Type=Information RecordNumber=119481 Keywords=Classic TaskCategory=None OpCode=The operation completed successfully. Message=A service was installed in the system. Service Name: DFS Replication ReadOnly Driver Service File Name: system32\drivers\dfsrro.sys Service Type: kernel mode driver Service Start Type: boot start Service Account: