154100x80000000000000007694Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:08:08.136{953948C6-5DB8-646F-6B07-00000000EC02}3904C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007695Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:08:11.886{953948C6-5DBB-646F-6C07-00000000EC02}5600C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007696Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:08:13.808{953948C6-5DBD-646F-6D07-00000000EC02}292C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007697Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:08:14.718{953948C6-5DBE-646F-6E07-00000000EC02}4764C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007698Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:08:15.455{953948C6-5DBF-646F-6F07-00000000EC02}4508C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000004946Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:08:58.634{03799797-5DEA-646F-4307-00000000ED02}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004947Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:09:00.857{03799797-5DEC-646F-4407-00000000ED02}4860C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004948Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:09:02.866{03799797-5DEE-646F-4507-00000000ED02}2820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004949Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:09:03.724{03799797-5DEF-646F-4607-00000000ED02}3868C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004950Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:09:04.500{03799797-5DF0-646F-4707-00000000ED02}3820C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000007699Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:09:08.130{953948C6-5DF4-646F-7007-00000000EC02}448C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007700Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:09:11.879{953948C6-5DF7-646F-7107-00000000EC02}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007701Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:09:13.808{953948C6-5DF9-646F-7207-00000000EC02}5424C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007702Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:09:14.715{953948C6-5DFA-646F-7307-00000000EC02}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007703Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:09:15.455{953948C6-5DFB-646F-7407-00000000EC02}4740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000004951Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:09:58.650{03799797-5E26-646F-4807-00000000ED02}1028C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004952Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:10:00.862{03799797-5E28-646F-4907-00000000ED02}2004C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004953Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:10:02.865{03799797-5E2A-646F-4A07-00000000ED02}2368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004954Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:10:03.731{03799797-5E2B-646F-4B07-00000000ED02}808C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004955Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:10:04.485{03799797-5E2C-646F-4C07-00000000ED02}812C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000007704Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:10:08.127{953948C6-5E30-646F-7507-00000000EC02}3580C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007705Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:10:11.895{953948C6-5E33-646F-7607-00000000EC02}5304C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007706Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:10:13.801{953948C6-5E35-646F-7707-00000000EC02}2800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007707Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:10:14.722{953948C6-5E36-646F-7807-00000000EC02}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007708Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:10:15.476{953948C6-5E37-646F-7907-00000000EC02}2780C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000004957Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:10:58.658{03799797-5E62-646F-4D07-00000000ED02}4140C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}1936--- 354300x80000000000000004956Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localRDP2023-05-25 13:10:55.861{03799797-100C-646F-0F00-00000000ED02}896C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse3.235.156.190ec2-3-235-156-190.compute-1.amazonaws.com56646-false10.0.1.15ar-win-2.attackrange.local3389ms-wbt-server 154100x80000000000000004958Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:11:00.869{03799797-5E64-646F-4E07-00000000ED02}4504C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004959Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:11:02.880{03799797-5E66-646F-4F07-00000000ED02}4228C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004960Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:11:03.713{03799797-5E67-646F-5007-00000000ED02}3856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004961Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:11:04.465{03799797-5E68-646F-5107-00000000ED02}5024C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000007709Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:11:08.059{953948C6-5E6C-646F-7A07-00000000EC02}5928C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007710Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:11:11.902{953948C6-5E6F-646F-7B07-00000000EC02}5072C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007711Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:11:13.798{953948C6-5E71-646F-7C07-00000000EC02}4624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007712Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:11:14.723{953948C6-5E72-646F-7D07-00000000EC02}648C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007713Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:11:15.475{953948C6-5E73-646F-7E07-00000000EC02}4632C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000004962Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:11:58.664{03799797-5E9E-646F-5207-00000000ED02}740C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004963Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:12:00.867{03799797-5EA0-646F-5307-00000000ED02}4972C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004964Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:12:02.900{03799797-5EA2-646F-5407-00000000ED02}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004965Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:12:03.721{03799797-5EA3-646F-5507-00000000ED02}1168C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004966Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:12:04.475{03799797-5EA4-646F-5607-00000000ED02}4748C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000007714Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:12:08.051{953948C6-5EA8-646F-7F07-00000000EC02}4588C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007715Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:12:11.907{953948C6-5EAB-646F-8007-00000000EC02}1472C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007716Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:12:13.816{953948C6-5EAD-646F-8107-00000000EC02}5320C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007717Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:12:14.724{953948C6-5EAE-646F-8207-00000000EC02}5256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007718Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:12:15.565{953948C6-5EAF-646F-8307-00000000EC02}5964C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000004967Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:12:58.674{03799797-5EDA-646F-5707-00000000ED02}4228C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004968Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:13:00.883{03799797-5EDC-646F-5807-00000000ED02}2952C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004969Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:13:02.930{03799797-5EDE-646F-5907-00000000ED02}4524C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004970Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:13:03.717{03799797-5EDF-646F-5A07-00000000ED02}3344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004971Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:13:04.484{03799797-5EE0-646F-5B07-00000000ED02}4784C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}1936--- 11241100x80000000000000004973Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:13:07.537{03799797-5BF0-646F-1A07-00000000ED02}1980C:\Program Files\Notepad++\notepad++.exeC:\Temp\1.bat2023-05-25 13:13:07.318AR-WIN-2\Administrator 11241100x80000000000000004972Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:13:07.318{03799797-5BF0-646F-1A07-00000000ED02}1980C:\Program Files\Notepad++\notepad++.exeC:\Temp\1.bat2023-05-25 13:13:07.318AR-WIN-2\Administrator 154100x80000000000000007719Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:13:08.062{953948C6-5EE4-646F-8407-00000000EC02}4752C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007720Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:13:11.912{953948C6-5EE7-646F-8507-00000000EC02}5368C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007721Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:13:13.828{953948C6-5EE9-646F-8607-00000000EC02}5324C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000004974Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:13:13.579{03799797-5EE9-646F-5C07-00000000ED02}3820C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXEC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -EmbeddingC:\Windows\system32\AR-WIN-2\Administrator{03799797-153D-646F-8FD6-0D0000000000}0xdd68f2HighMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{00000000-0000-0000-0000-000000000000}668--- 154100x80000000000000007722Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:13:14.731{953948C6-5EEA-646F-8707-00000000EC02}5988C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007723Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:13:15.329{953948C6-5EEB-646F-8807-00000000EC02}148C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000004975Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:13:58.673{03799797-5F16-646F-5E07-00000000ED02}3688C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004976Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:14:00.898{03799797-5F18-646F-5F07-00000000ED02}276C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004977Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:14:02.919{03799797-5F1A-646F-6007-00000000ED02}696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004978Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:14:03.772{03799797-5F1B-646F-6107-00000000ED02}4180C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004979Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:14:04.535{03799797-5F1C-646F-6207-00000000ED02}4060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000007724Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:14:08.071{953948C6-5F20-646F-8907-00000000EC02}6008C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007725Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:14:11.922{953948C6-5F23-646F-8A07-00000000EC02}2204C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007726Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:14:13.856{953948C6-5F25-646F-8B07-00000000EC02}4100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007727Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:14:14.739{953948C6-5F26-646F-8C07-00000000EC02}4260C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007728Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:14:15.486{953948C6-5F27-646F-8D07-00000000EC02}5304C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000004980Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:14:56.469{03799797-5F50-646F-6307-00000000ED02}2388C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"cmd.exe" /s /k pushd "C:\Program Files\ansible\sysmon"C:\Windows\system32\AR-WIN-2\Administrator{03799797-153D-646F-8FD6-0D0000000000}0xdd68f2HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{03799797-153E-646F-0101-00000000ED02}2964C:\Windows\explorer.exeC:\Windows\Explorer.EXEAR-WIN-2\Administrator 154100x80000000000000004981Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:14:58.683{03799797-5F52-646F-6507-00000000ED02}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004982Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:15:00.910{03799797-5F54-646F-6607-00000000ED02}4960C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004985Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:15:02.918{03799797-5F56-646F-6807-00000000ED02}4184C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 16341600x80000000000000004984Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local2023-05-25 13:15:02.559C:\Program Files\ansible\sysmon\SwiftOnSecurity.xmlSHA256=62A2EB8C481DC0CD2ABCCEEDCD9DD11AF9A66D715E53FA8B7B60052B094E75F7 154100x80000000000000004983Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:15:02.447{03799797-5F56-646F-6707-00000000ED02}2608C:\Program Files\ansible\sysmon\Sysmon64.exe14.16System activity monitorSysinternals SysmonSysinternals - www.sysinternals.com-Sysmon64.exe -c SwiftOnSecurity.xmlC:\Program Files\ansible\sysmon\AR-WIN-2\Administrator{03799797-153D-646F-8FD6-0D0000000000}0xdd68f2HighMD5=6D0F4D26C347DF85CD3F7FFE56701C28,SHA256=8D4FC2C9352DAD893D63CA30829B35C935E304C2FD0BE83E7DAEBBE59A558694,IMPHASH=5D659A6724973D69FAD948B4068A44E7{03799797-5F50-646F-6307-00000000ED02}2388C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Program Files\ansible\sysmon"AR-WIN-2\Administrator 154100x80000000000000004986Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:15:03.716{03799797-5F57-646F-6907-00000000ED02}2396C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004987Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:15:04.322{03799797-5F58-646F-6A07-00000000ED02}4516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000007729Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:15:08.067{953948C6-5F5C-646F-8E07-00000000EC02}6088C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007730Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:15:11.957{953948C6-5F5F-646F-8F07-00000000EC02}5392C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007731Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:15:13.854{953948C6-5F61-646F-9007-00000000EC02}5456C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007732Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:15:14.748{953948C6-5F62-646F-9107-00000000EC02}468C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007733Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:15:15.489{953948C6-5F63-646F-9207-00000000EC02}3684C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000004988Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:15:58.699{03799797-5F8E-646F-6B07-00000000ED02}3948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004989Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:16:00.914{03799797-5F90-646F-6C07-00000000ED02}3768C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004990Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:16:02.929{03799797-5F92-646F-6D07-00000000ED02}4172C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004991Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:16:03.761{03799797-5F93-646F-6E07-00000000ED02}1844C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004992Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:16:04.512{03799797-5F94-646F-6F07-00000000ED02}192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000007734Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:16:08.065{953948C6-5F98-646F-9307-00000000EC02}2204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}2316--- 354300x80000000000000004993Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localRDP2023-05-25 13:16:08.776{03799797-100C-646F-0F00-00000000ED02}896C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse3.235.156.190ec2-3-235-156-190.compute-1.amazonaws.com57689-false10.0.1.15ar-win-2.attackrange.local3389ms-wbt-server 154100x80000000000000007735Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:16:11.986{953948C6-5F9B-646F-9407-00000000EC02}5304C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007736Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:16:13.862{953948C6-5F9D-646F-9507-00000000EC02}2504C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007737Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:16:14.772{953948C6-5F9E-646F-9607-00000000EC02}5340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007738Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:16:15.536{953948C6-5F9F-646F-9707-00000000EC02}4824C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000004994Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:16:58.702{03799797-5FCA-646F-7007-00000000ED02}3912C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004995Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:17:00.933{03799797-5FCC-646F-7107-00000000ED02}2604C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004996Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:17:02.940{03799797-5FCE-646F-7207-00000000ED02}872C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004997Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:17:03.762{03799797-5FCF-646F-7307-00000000ED02}3460C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000004998Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:17:04.522{03799797-5FD0-646F-7407-00000000ED02}4740C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000007739Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:17:08.064{953948C6-5FD4-646F-9807-00000000EC02}80C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007740Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:17:11.988{953948C6-5FD7-646F-9907-00000000EC02}2912C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007741Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:17:13.866{953948C6-5FD9-646F-9A07-00000000EC02}1860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007742Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:17:14.781{953948C6-5FDA-646F-9B07-00000000EC02}2188C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007743Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:17:15.552{953948C6-5FDB-646F-9C07-00000000EC02}1968C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000004999Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:17:58.709{03799797-6006-646F-7507-00000000ED02}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000005000Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:18:00.933{03799797-6008-646F-7607-00000000ED02}4576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000005001Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:18:02.949{03799797-600A-646F-7707-00000000ED02}2752C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000005002Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:18:03.768{03799797-600B-646F-7807-00000000ED02}1836C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000005003Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:18:04.365{03799797-600C-646F-7907-00000000ED02}3396C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000007744Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:18:08.064{953948C6-6010-646F-9D07-00000000EC02}2884C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007745Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:18:11.989{953948C6-6013-646F-9E07-00000000EC02}6028C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007746Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:18:13.884{953948C6-6015-646F-9F07-00000000EC02}1168C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007747Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:18:14.797{953948C6-6016-646F-A007-00000000EC02}912C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007748Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:18:15.548{953948C6-6017-646F-A107-00000000EC02}2000C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}2316--- 354300x80000000000000007749Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localRDP2023-05-25 13:18:14.377{953948C6-1009-646F-0F00-00000000EC02}968C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse8.242.164.1488-242-164-148.cirion-tech.com.co51812-false10.0.1.14ar-win-dc.attackrange.local3389ms-wbt-server 154100x80000000000000005004Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:18:33.788{03799797-6029-646F-7A07-00000000ED02}4212C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"cmd.exe" /s /k pushd "C:\Temp"C:\Windows\system32\AR-WIN-2\Administrator{03799797-153D-646F-8FD6-0D0000000000}0xdd68f2HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{03799797-153E-646F-0101-00000000ED02}2964C:\Windows\explorer.exeC:\Windows\Explorer.EXEAR-WIN-2\Administrator 154100x80000000000000005005Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:18:58.731{03799797-6042-646F-7C07-00000000ED02}4648C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000005006Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:19:00.937{03799797-6044-646F-7D07-00000000ED02}4724C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000005007Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:19:02.968{03799797-6046-646F-7E07-00000000ED02}3840C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000005008Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:19:03.766{03799797-6047-646F-7F07-00000000ED02}4828C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000005009Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:19:04.529{03799797-6048-646F-8007-00000000ED02}968C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000007750Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:19:08.070{953948C6-604C-646F-A207-00000000EC02}5944C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007751Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:19:11.995{953948C6-604F-646F-A307-00000000EC02}2444C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007752Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:19:13.895{953948C6-6051-646F-A407-00000000EC02}5952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007753Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:19:14.811{953948C6-6052-646F-A507-00000000EC02}4132C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007754Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:19:15.568{953948C6-6053-646F-A607-00000000EC02}5624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000005010Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:19:58.745{03799797-607E-646F-8107-00000000ED02}2852C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000005011Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:20:00.942{03799797-6080-646F-8207-00000000ED02}3132C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000005012Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:20:02.971{03799797-6082-646F-8307-00000000ED02}4944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000005013Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:20:03.770{03799797-6083-646F-8407-00000000ED02}4560C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000005014Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:20:04.523{03799797-6084-646F-8507-00000000ED02}2476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000007755Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:20:08.074{953948C6-6088-646F-A707-00000000EC02}5768C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007756Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:20:12.013{953948C6-608C-646F-A807-00000000EC02}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007757Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:20:13.906{953948C6-608D-646F-A907-00000000EC02}4664C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007758Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:20:14.808{953948C6-608E-646F-AA07-00000000EC02}2108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007759Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:20:15.430{953948C6-608F-646F-AB07-00000000EC02}1700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000005015Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:20:58.739{03799797-60BA-646F-8607-00000000ED02}5088C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000005016Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:21:00.965{03799797-60BC-646F-8707-00000000ED02}2816C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000005017Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:21:02.975{03799797-60BE-646F-8807-00000000ED02}3712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000005018Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:21:03.809{03799797-60BF-646F-8907-00000000ED02}192C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000005019Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:21:04.572{03799797-60C0-646F-8A07-00000000ED02}1860C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000007760Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:21:08.078{953948C6-60C4-646F-AC07-00000000EC02}5680C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007761Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:21:12.008{953948C6-60C8-646F-AD07-00000000EC02}5920C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007762Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:21:13.919{953948C6-60C9-646F-AE07-00000000EC02}4952C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007763Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:21:14.811{953948C6-60CA-646F-AF07-00000000EC02}4584C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007764Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:21:15.569{953948C6-60CB-646F-B007-00000000EC02}540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000005024Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:21:23.687{03799797-60D3-646F-8E07-00000000ED02}800C:\Windows\System32\netsh.exe10.0.14393.0 (rs1_release.160715-1616)Network Command ShellMicrosoft® Windows® Operating SystemMicrosoft Corporationnetsh.exenetsh interface portproxy add v4tov4 listenport=50100 listenaddress=0.0.0.0 connectport=1433C:\Temp\AR-WIN-2\Administrator{03799797-153D-646F-8FD6-0D0000000000}0xdd68f2HighMD5=4D51BCD0B94D09F5DFB80DF754D31E28,SHA256=E5888E649C881E4BBBCE472F6808F93B2B5564D3094995A5A08E66B2406C1607,IMPHASH=51DC8B92EF1620527201E5276E21BCA7{03799797-60D3-646F-8D07-00000000ED02}2608C:\Windows\System32\cmd.execmd.exe /c netsh interface portproxy add v4tov4 listenport=50100 listenaddress=0.0.0.0 connectport=1433AR-WIN-2\Administrator 154100x80000000000000005023Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:21:23.677{03799797-60D3-646F-8D07-00000000ED02}2608C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Execmd.exe /c netsh interface portproxy add v4tov4 listenport=50100 listenaddress=0.0.0.0 connectport=1433C:\Temp\AR-WIN-2\Administrator{03799797-153D-646F-8FD6-0D0000000000}0xdd68f2HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{03799797-6029-646F-7A07-00000000ED02}4212C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Temp"AR-WIN-2\Administrator 13241300x80000000000000005022Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localproxySetValue2023-05-25 13:21:23.640{03799797-60D3-646F-8C07-00000000ED02}4692C:\Windows\system32\netsh.exeHKLM\System\CurrentControlSet\Services\PortProxy\v4tov4\tcp\127.0.0.1/9999127.0.0.1/8443AR-WIN-2\Administrator 154100x80000000000000005021Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:21:23.433{03799797-60D3-646F-8C07-00000000ED02}4692C:\Windows\System32\netsh.exe10.0.14393.0 (rs1_release.160715-1616)Network Command ShellMicrosoft® Windows® Operating SystemMicrosoft Corporationnetsh.exenetsh interface portproxy add v4tov4 listenaddress=127.0.0.1 listenport=9999 connectaddress=127.0.0.1 connectport=8443 protocol=tcp"C:\Temp\AR-WIN-2\Administrator{03799797-153D-646F-8FD6-0D0000000000}0xdd68f2HighMD5=4D51BCD0B94D09F5DFB80DF754D31E28,SHA256=E5888E649C881E4BBBCE472F6808F93B2B5564D3094995A5A08E66B2406C1607,IMPHASH=51DC8B92EF1620527201E5276E21BCA7{03799797-60D3-646F-8B07-00000000ED02}4844C:\Windows\System32\cmd.execmd.exe /c "netsh interface portproxy add v4tov4 listenaddress=127.0.0.1 listenport=9999 connectaddress=127.0.0.1 connectport=8443 protocol=tcp""AR-WIN-2\Administrator 154100x80000000000000005020Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:21:23.414{03799797-60D3-646F-8B07-00000000ED02}4844C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Execmd.exe /c "netsh interface portproxy add v4tov4 listenaddress=127.0.0.1 listenport=9999 connectaddress=127.0.0.1 connectport=8443 protocol=tcp""C:\Temp\AR-WIN-2\Administrator{03799797-153D-646F-8FD6-0D0000000000}0xdd68f2HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{03799797-6029-646F-7A07-00000000ED02}4212C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Temp"AR-WIN-2\Administrator 354300x80000000000000005025Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localRDP2023-05-25 13:21:43.132{03799797-100C-646F-0F00-00000000ED02}896C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse3.235.156.190ec2-3-235-156-190.compute-1.amazonaws.com58720-false10.0.1.15ar-win-2.attackrange.local3389ms-wbt-server 154100x80000000000000005026Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:21:58.750{03799797-60F6-646F-8F07-00000000ED02}5072C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000005027Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:22:00.977{03799797-60F8-646F-9007-00000000ED02}4648C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000005028Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:22:02.988{03799797-60FA-646F-9107-00000000ED02}4980C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000005029Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:22:03.826{03799797-60FB-646F-9207-00000000ED02}1756C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000005030Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:22:04.590{03799797-60FC-646F-9307-00000000ED02}4312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000007765Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:22:08.085{953948C6-6100-646F-B107-00000000EC02}508C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007766Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:22:12.017{953948C6-6104-646F-B207-00000000EC02}2984C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007767Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:22:13.924{953948C6-6105-646F-B307-00000000EC02}4784C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007768Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:22:14.813{953948C6-6106-646F-B407-00000000EC02}5960C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000007769Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-05-25 13:22:15.581{953948C6-6107-646F-B507-00000000EC02}904C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{953948C6-1007-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}2316--- 154100x80000000000000005031Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:22:58.745{03799797-6132-646F-9407-00000000ED02}3240C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=37B46253848001FA2332AA649697BBB8,SHA256=DCD0C40579E2F66805D1D9BDA1E8626B0988DF29D85429E492756F02DAEF6AF4,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000005032Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:23:00.986{03799797-6134-646F-9507-00000000ED02}2608C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=80601ED27CFBD56EB4D847556776A4BC,SHA256=9E48FEE0D29DC8867EAEA8BC23ECC2BF46C010FCB215F99122D1F87E1D7D60A1,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000005033Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:23:02.986{03799797-6136-646F-9607-00000000ED02}4728C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000005034Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:23:03.786{03799797-6137-646F-9707-00000000ED02}2496C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6E7745CB09028E7A3DA54C910ACBEB9,SHA256=F8DED57BEF961B925BDF3FC9D829FAD82BF436C49BB635AAE75564D70DABA75A,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{00000000-0000-0000-0000-000000000000}1936--- 154100x80000000000000005035Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-05-25 13:23:04.539{03799797-6138-646F-9807-00000000ED02}3868C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{03799797-100B-646F-E703-000000000000}0x3e70SystemMD5=B6A4D276E993FB7EE14DED01CBEBDA71,SHA256=CD4DF32D3564EA53C1EE782BB5F55A0C0E9CAC30BAE49D51B041829AA96CA5A4,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{00000000-0000-0000-0000-000000000000}1936---