154100x80000000000000004556Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:21:43.384{4E8F5BFB-BF97-64AB-8300-00000000F902}2788C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004557Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:21:45.270{4E8F5BFB-BF99-64AB-8400-00000000F902}3620C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004558Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:21:46.983{4E8F5BFB-BF9A-64AB-8500-00000000F902}2848C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004559Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:21:47.627{4E8F5BFB-BF9B-64AB-8600-00000000F902}1700C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004560Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:21:48.664{4E8F5BFB-BF9C-64AB-8700-00000000F902}3840C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003437Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:22:26.346{08CB57FB-BFC2-64AB-8100-00000000FA02}632C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003438Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:22:28.209{08CB57FB-BFC4-64AB-8200-00000000FA02}2832C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003440Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:22:30.916{08CB57FB-BFC6-64AB-8400-00000000FA02}2696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003439Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:22:30.009{08CB57FB-BFC6-64AB-8300-00000000FA02}2080C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003441Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:22:31.527{08CB57FB-BFC7-64AB-8500-00000000FA02}1184C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004561Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:22:43.684{4E8F5BFB-BFD3-64AB-9100-00000000F902}2352C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004562Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:22:45.550{4E8F5BFB-BFD5-64AB-9200-00000000F902}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004563Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:22:47.259{4E8F5BFB-BFD7-64AB-9300-00000000F902}2456C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004565Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:22:48.952{4E8F5BFB-BFD8-64AB-9500-00000000F902}2820C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004564Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:22:48.012{4E8F5BFB-BFD8-64AB-9400-00000000F902}3436C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003442Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:23:26.399{08CB57FB-BFFE-64AB-9200-00000000FA02}2696C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003443Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:23:28.243{08CB57FB-C000-64AB-9300-00000000FA02}2876C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003445Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:23:30.947{08CB57FB-C002-64AB-9500-00000000FA02}1012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003444Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:23:30.040{08CB57FB-C002-64AB-9400-00000000FA02}388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003446Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:23:31.712{08CB57FB-C003-64AB-9600-00000000FA02}984C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 12241200x80000000000000004584Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2023-07-10 08:23:32.436{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\UpdatingNT AUTHORITY\SYSTEM 13241300x80000000000000004583Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:32.436{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Object List28280 28286 28296 28306 28326 28370 28380 28418 28424 28440NT AUTHORITY\SYSTEM 13241300x80000000000000004582Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:32.436{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\First HelpDWORD (0x00006e79)NT AUTHORITY\SYSTEM 13241300x80000000000000004581Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:32.436{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\First CounterDWORD (0x00006e78)NT AUTHORITY\SYSTEM 13241300x80000000000000004580Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:32.436{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Last HelpDWORD (0x00006f1f)NT AUTHORITY\SYSTEM 13241300x80000000000000004579Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:32.436{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Last CounterDWORD (0x00006f1e)NT AUTHORITY\SYSTEM 13241300x80000000000000004578Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:32.436{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Last HelpDWORD (0x00006f1f)NT AUTHORITY\SYSTEM 13241300x80000000000000004577Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:32.436{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Last CounterDWORD (0x00006f1e)NT AUTHORITY\SYSTEM 13241300x80000000000000004576Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:32.233{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\UpdatingWmiApRplNT AUTHORITY\SYSTEM 13241300x80000000000000004575Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:32.217{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\PerfIniFileWmiApRpl.iniNT AUTHORITY\SYSTEM 12241200x80000000000000004574Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2023-07-10 08:23:32.217{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\UpdatingNT AUTHORITY\SYSTEM 12241200x80000000000000004573Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2023-07-10 08:23:32.217{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Object ListNT AUTHORITY\SYSTEM 12241200x80000000000000004572Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2023-07-10 08:23:32.217{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Last HelpNT AUTHORITY\SYSTEM 12241200x80000000000000004571Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2023-07-10 08:23:32.217{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\First HelpNT AUTHORITY\SYSTEM 12241200x80000000000000004570Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2023-07-10 08:23:32.217{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Last CounterNT AUTHORITY\SYSTEM 12241200x80000000000000004569Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2023-07-10 08:23:32.217{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\First CounterNT AUTHORITY\SYSTEM 13241300x80000000000000004568Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:32.217{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Last HelpDWORD (0x00006e77)NT AUTHORITY\SYSTEM 13241300x80000000000000004567Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:32.217{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Last CounterDWORD (0x00006e76)NT AUTHORITY\SYSTEM 13241300x80000000000000004566Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:32.186{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\UpdatingWmiApRplNT AUTHORITY\SYSTEM 13241300x80000000000000004597Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:35.177{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\PROVIDERS\Performance\Performance RefreshedDWORD (0x00000001)NT AUTHORITY\SYSTEM 13241300x80000000000000004596Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:35.177{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\PROVIDERS\Performance\Performance RefreshDWORD (0x00000000)NT AUTHORITY\SYSTEM 13241300x80000000000000004595Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:35.177{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:1473079808,HighDateTime:30948602***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000004594Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:35.177{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000004593Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:35.177{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-1574338714,HighDateTime:30999909***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000004592Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:35.177{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000004591Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:35.177{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000004590Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:35.177{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000004589Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:35.177{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000004588Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:35.177{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\system32\en-US\kernelbase.dll.mui[MofResourceName]LowDateTime:2060133003,HighDateTime:30956657***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000004587Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:35.177{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\system32\kernelbase.dll[MofResourceName]LowDateTime:1410566659,HighDateTime:31023839***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 12241200x80000000000000004586Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashDeleteKey2023-07-10 08:23:35.177{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGENT AUTHORITY\SYSTEM 13241300x80000000000000004585Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:35.177{4E8F5BFB-BFF7-64AB-9600-00000000F902}3892\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\PROVIDERS\Performance\Performance DataBinary DataNT AUTHORITY\SYSTEM 12241200x80000000000000003465Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2023-07-10 08:23:36.838{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\UpdatingNT AUTHORITY\SYSTEM 13241300x80000000000000003464Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:36.838{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Object List27202 27208 27218 27228 27248 27292 27302 27340 27346 27362NT AUTHORITY\SYSTEM 13241300x80000000000000003463Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:36.838{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\First HelpDWORD (0x00006a43)NT AUTHORITY\SYSTEM 13241300x80000000000000003462Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:36.838{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\First CounterDWORD (0x00006a42)NT AUTHORITY\SYSTEM 13241300x80000000000000003461Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:36.838{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Last HelpDWORD (0x00006ae9)NT AUTHORITY\SYSTEM 13241300x80000000000000003460Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:36.838{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Last CounterDWORD (0x00006ae8)NT AUTHORITY\SYSTEM 13241300x80000000000000003459Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:36.838{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Last HelpDWORD (0x00006ae9)NT AUTHORITY\SYSTEM 13241300x80000000000000003458Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:36.838{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Last CounterDWORD (0x00006ae8)NT AUTHORITY\SYSTEM 13241300x80000000000000003457Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:36.635{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\UpdatingWmiApRplNT AUTHORITY\SYSTEM 13241300x80000000000000003456Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:36.635{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\PerfIniFileWmiApRpl.iniNT AUTHORITY\SYSTEM 12241200x80000000000000003455Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2023-07-10 08:23:36.635{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\UpdatingNT AUTHORITY\SYSTEM 12241200x80000000000000003454Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2023-07-10 08:23:36.635{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Object ListNT AUTHORITY\SYSTEM 12241200x80000000000000003453Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2023-07-10 08:23:36.635{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Last HelpNT AUTHORITY\SYSTEM 12241200x80000000000000003452Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2023-07-10 08:23:36.635{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\First HelpNT AUTHORITY\SYSTEM 12241200x80000000000000003451Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2023-07-10 08:23:36.635{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Last CounterNT AUTHORITY\SYSTEM 12241200x80000000000000003450Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashDeleteValue2023-07-10 08:23:36.635{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\First CounterNT AUTHORITY\SYSTEM 13241300x80000000000000003449Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:36.635{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Last HelpDWORD (0x00006a41)NT AUTHORITY\SYSTEM 13241300x80000000000000003448Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:36.635{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Last CounterDWORD (0x00006a40)NT AUTHORITY\SYSTEM 13241300x80000000000000003447Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:36.603{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\UpdatingWmiApRplNT AUTHORITY\SYSTEM 13241300x80000000000000003478Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:40.682{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\PROVIDERS\Performance\Performance RefreshedDWORD (0x00000001)NT AUTHORITY\SYSTEM 13241300x80000000000000003477Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:40.682{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\PROVIDERS\Performance\Performance RefreshDWORD (0x00000000)NT AUTHORITY\SYSTEM 13241300x80000000000000003476Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:40.682{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\ena.sys[NdisMofResource]LowDateTime:1473079808,HighDateTime:30948602***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000003475Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:40.682{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000003474Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:40.682{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-1574338714,HighDateTime:30999909***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000003473Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:40.682{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:-592857982,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000003472Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:40.682{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:2077700573,HighDateTime:30531428***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000003471Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:40.682{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:-592701735,HighDateTime:30543079***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000003470Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:40.682{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-1594147734,HighDateTime:30671341***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000003469Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:40.682{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\system32\en-US\kernelbase.dll.mui[MofResourceName]LowDateTime:2060133003,HighDateTime:30956657***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 13241300x80000000000000003468Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:40.682{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGE\C:\Windows\system32\kernelbase.dll[MofResourceName]LowDateTime:1410566659,HighDateTime:31023839***Binary mof compiled successfullyNT AUTHORITY\SYSTEM 12241200x80000000000000003467Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashDeleteKey2023-07-10 08:23:40.682{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\WDM\DREDGENT AUTHORITY\SYSTEM 13241300x80000000000000003466Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localSuspicious,ImageBeginWithBackslashSetValue2023-07-10 08:23:40.682{08CB57FB-BFF5-64AB-8600-00000000FA02}372\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Wbem\PROVIDERS\Performance\Performance DataBinary DataNT AUTHORITY\SYSTEM 154100x80000000000000004598Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:23:43.861{4E8F5BFB-C00F-64AB-9700-00000000F902}1264C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004599Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:23:45.725{4E8F5BFB-C011-64AB-9800-00000000F902}2944C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004600Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:23:47.432{4E8F5BFB-C013-64AB-9900-00000000F902}1112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004601Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:23:48.183{4E8F5BFB-C014-64AB-9A00-00000000F902}3132C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004602Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:23:49.106{4E8F5BFB-C015-64AB-9B00-00000000F902}3120C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003479Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:24:26.438{08CB57FB-C03A-64AB-9700-00000000FA02}2780C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003480Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:24:28.263{08CB57FB-C03C-64AB-9800-00000000FA02}1924C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003482Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:24:30.966{08CB57FB-C03E-64AB-9A00-00000000FA02}588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003481Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:24:30.060{08CB57FB-C03E-64AB-9900-00000000FA02}2444C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003483Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:24:31.716{08CB57FB-C03F-64AB-9B00-00000000FA02}2348C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004603Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:24:43.944{4E8F5BFB-C04B-64AB-9C00-00000000F902}3300C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004604Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:24:45.798{4E8F5BFB-C04D-64AB-9D00-00000000F902}1764C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004605Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:24:47.395{4E8F5BFB-C04F-64AB-9E00-00000000F902}2976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004606Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:24:48.160{4E8F5BFB-C050-64AB-9F00-00000000F902}3164C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004607Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:24:49.177{4E8F5BFB-C051-64AB-A000-00000000F902}3464C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 22542200x80000000000000004608Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:24:48.349{4E8F5BFB-BF16-64AB-2500-00000000F902}2304ar-win-dc.attackrange.local0fe80::c883:140:1774:f352;::ffff:10.0.1.14;C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEM 154100x80000000000000003484Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:25:26.447{08CB57FB-C076-64AB-9C00-00000000FA02}468C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003485Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:25:28.271{08CB57FB-C078-64AB-9D00-00000000FA02}456C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003487Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:25:30.983{08CB57FB-C07A-64AB-9F00-00000000FA02}328C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003486Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:25:30.076{08CB57FB-C07A-64AB-9E00-00000000FA02}452C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003488Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:25:31.733{08CB57FB-C07B-64AB-A000-00000000FA02}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004609Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:25:44.004{4E8F5BFB-C088-64AB-A100-00000000F902}2096C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004610Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:25:45.863{4E8F5BFB-C089-64AB-A200-00000000F902}2796C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004611Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:25:47.464{4E8F5BFB-C08B-64AB-A300-00000000F902}3904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004612Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:25:48.230{4E8F5BFB-C08C-64AB-A400-00000000F902}3336C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004613Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:25:49.246{4E8F5BFB-C08D-64AB-A500-00000000F902}516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003489Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:26:26.464{08CB57FB-C0B2-64AB-A100-00000000FA02}2360C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003490Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:26:28.292{08CB57FB-C0B4-64AB-A200-00000000FA02}2460C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003491Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:26:30.084{08CB57FB-C0B6-64AB-A300-00000000FA02}2648C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003493Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:26:31.719{08CB57FB-C0B7-64AB-A500-00000000FA02}3024C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003492Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:26:31.000{08CB57FB-C0B7-64AB-A400-00000000FA02}1272C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004614Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:26:44.067{4E8F5BFB-C0C4-64AB-A600-00000000F902}3360C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004615Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:26:45.912{4E8F5BFB-C0C5-64AB-A700-00000000F902}344C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004616Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:26:47.374{4E8F5BFB-C0C7-64AB-A800-00000000F902}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004617Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:26:48.140{4E8F5BFB-C0C8-64AB-A900-00000000F902}3476C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004618Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:26:49.280{4E8F5BFB-C0C9-64AB-AA00-00000000F902}2528C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003494Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:27:26.497{08CB57FB-C0EE-64AB-A600-00000000FA02}2348C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003495Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:27:28.309{08CB57FB-C0F0-64AB-A700-00000000FA02}1176C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003496Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:27:30.107{08CB57FB-C0F2-64AB-A800-00000000FA02}2856C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003498Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:27:31.786{08CB57FB-C0F3-64AB-AA00-00000000FA02}2688C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003497Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:27:31.024{08CB57FB-C0F3-64AB-A900-00000000FA02}1880C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004619Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:27:44.111{4E8F5BFB-C100-64AB-AB00-00000000F902}3036C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004620Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:27:45.940{4E8F5BFB-C101-64AB-AC00-00000000F902}3052C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004621Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:27:47.410{4E8F5BFB-C103-64AB-AD00-00000000F902}2080C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004622Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:27:48.174{4E8F5BFB-C104-64AB-AE00-00000000F902}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004623Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:27:49.323{4E8F5BFB-C105-64AB-AF00-00000000F902}472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003499Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:28:26.525{08CB57FB-C12A-64AB-AB00-00000000FA02}328C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003500Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:28:28.338{08CB57FB-C12C-64AB-AC00-00000000FA02}2028C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003501Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:28:30.120{08CB57FB-C12E-64AB-AD00-00000000FA02}2500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003503Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:28:31.809{08CB57FB-C12F-64AB-AF00-00000000FA02}3040C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000003502Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:28:31.058{08CB57FB-C12F-64AB-AE00-00000000FA02}3068C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004624Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:28:44.147{4E8F5BFB-C13C-64AB-B000-00000000F902}2680C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004625Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:28:45.976{4E8F5BFB-C13D-64AB-B100-00000000F902}4012C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004626Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:28:47.368{4E8F5BFB-C13F-64AB-B200-00000000F902}2344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004627Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:28:48.134{4E8F5BFB-C140-64AB-B300-00000000F902}1112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004628Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:28:49.364{4E8F5BFB-C141-64AB-B400-00000000F902}1428C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 22542200x80000000000000004629Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:29:16.044{4E8F5BFB-BF05-64AB-1000-00000000F902}1012AR-WIN-DC0fe80::c883:140:1774:f352;::ffff:10.0.1.14;C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICE 154100x80000000000000003505Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:29:19.515{08CB57FB-C15F-64AB-C000-00000000FA02}2796C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe4.8.4330.0 built by: NET48REL1LAST_BMicrosoft .NET Framework optimization serviceMicrosoft® .NET FrameworkMicrosoft CorporationNGenTask.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe" /RuntimeWide /StopEvent:404C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=196F531423F864F990B24F3D3AFA9AA1,SHA256=353C8C617C87A56F93C9914E219BE4E30A45A0DEA8D98BF34C6BD81A6A287916,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{08CB57FB-C15F-64AB-B500-00000000FA02}2376C:\Windows\System32\taskhostw.exetaskhostw.exe /RuntimeWideNT AUTHORITY\SYSTEM 154100x80000000000000003504Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:29:19.501{08CB57FB-C15F-64AB-BE00-00000000FA02}1008C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe4.8.4330.0 built by: NET48REL1LAST_BMicrosoft .NET Framework optimization serviceMicrosoft® .NET FrameworkMicrosoft CorporationNGenTask.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NGenTask.exe" /RuntimeWide /StopEvent:420C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=D2DDF021EE6A8A649FB58F6DD05EDED7,SHA256=AC1B312B5D048DAC81327CF083BDEF2966AA883208455490E73D6E34C932B7D9,IMPHASH=00000000000000000000000000000000{08CB57FB-C15F-64AB-B500-00000000FA02}2376C:\Windows\System32\taskhostw.exetaskhostw.exe /RuntimeWideNT AUTHORITY\SYSTEM 154100x80000000000000004631Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:29:21.616{4E8F5BFB-C161-64AB-C400-00000000F902}2372C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe4.8.4330.0 built by: NET48REL1LAST_BMicrosoft .NET Framework optimization serviceMicrosoft® .NET FrameworkMicrosoft CorporationNGenTask.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\NGenTask.exe" /RuntimeWide /StopEvent:420C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=196F531423F864F990B24F3D3AFA9AA1,SHA256=353C8C617C87A56F93C9914E219BE4E30A45A0DEA8D98BF34C6BD81A6A287916,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{4E8F5BFB-C161-64AB-BA00-00000000F902}1168C:\Windows\System32\taskhostw.exetaskhostw.exeNT AUTHORITY\SYSTEM 154100x80000000000000004630Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:29:21.600{4E8F5BFB-C161-64AB-C200-00000000F902}2472C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe4.8.4330.0 built by: NET48REL1LAST_BMicrosoft .NET Framework optimization serviceMicrosoft® .NET FrameworkMicrosoft CorporationNGenTask.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\NGenTask.exe" /RuntimeWide /StopEvent:428C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=D2DDF021EE6A8A649FB58F6DD05EDED7,SHA256=AC1B312B5D048DAC81327CF083BDEF2966AA883208455490E73D6E34C932B7D9,IMPHASH=00000000000000000000000000000000{4E8F5BFB-C161-64AB-BA00-00000000F902}1168C:\Windows\System32\taskhostw.exetaskhostw.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003574Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:25.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\atlassian.bitbuc|b93909779179097a\BinProductVersion2.1.2.0NT AUTHORITY\SYSTEM 13241300x80000000000000003573Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:25.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\atlassian.bitbuc|b93909779179097a\LinkDate03/28/2092 07:26:30NT AUTHORITY\SYSTEM 13241300x80000000000000003572Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:25.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\atlassian.bitbuc|b93909779179097a\Publisheratlassian.bitbucket.uiNT AUTHORITY\SYSTEM 13241300x80000000000000003571Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:25.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\atlassian.bitbuc|b93909779179097a\LowerCaseLongPathc:\program files\git\mingw64\bin\atlassian.bitbucket.ui.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003570Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:25.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\arch.exe|6cd29c8ee920e833\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003569Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:25.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\arch.exe|6cd29c8ee920e833\LinkDate11/15/2022 17:18:39NT AUTHORITY\SYSTEM 13241300x80000000000000003568Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:25.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\arch.exe|6cd29c8ee920e833\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003567Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:25.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\arch.exe|6cd29c8ee920e833\LowerCaseLongPathc:\program files\git\usr\bin\arch.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003566Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:25.965{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\antiword.exe|f9989c5a06cca46c\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003565Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:25.965{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\antiword.exe|f9989c5a06cca46c\LinkDate10/29/2022 11:36:08NT AUTHORITY\SYSTEM 13241300x80000000000000003564Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:25.965{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\antiword.exe|f9989c5a06cca46c\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003563Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:25.965{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\antiword.exe|f9989c5a06cca46c\LowerCaseLongPathc:\program files\git\mingw64\bin\antiword.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003562Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:25.965{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ahost.exe|40c7db6e62088170\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003561Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:25.965{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ahost.exe|40c7db6e62088170\LinkDate05/22/2023 17:13:27NT AUTHORITY\SYSTEM 13241300x80000000000000003560Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:25.965{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ahost.exe|40c7db6e62088170\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003559Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:25.965{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ahost.exe|40c7db6e62088170\LowerCaseLongPathc:\program files\git\mingw64\bin\ahost.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003558Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:25.965{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\adig.exe|8c2dc2d7e3156644\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003557Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:25.965{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\adig.exe|8c2dc2d7e3156644\LinkDate05/22/2023 17:13:27NT AUTHORITY\SYSTEM 13241300x80000000000000003556Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:25.965{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\adig.exe|8c2dc2d7e3156644\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003555Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:25.965{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\adig.exe|8c2dc2d7e3156644\LowerCaseLongPathc:\program files\git\mingw64\bin\adig.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003554Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:25.950{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acountry.exe|45550c852fce5231\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003553Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:25.950{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acountry.exe|45550c852fce5231\LinkDate05/22/2023 17:13:27NT AUTHORITY\SYSTEM 13241300x80000000000000003552Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:25.950{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acountry.exe|45550c852fce5231\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003551Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:25.950{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acountry.exe|45550c852fce5231\LowerCaseLongPathc:\program files\git\mingw64\bin\acountry.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003550Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:25.934{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplication\000008da19b4d6c4bf24de514b37baf01a5b0000ffff\PublisherMozillaNT AUTHORITY\SYSTEM 13241300x80000000000000003549Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:25.934{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\updater.exe|c1b2e9c223e636df\BinProductVersion115.0.0.8580NT AUTHORITY\SYSTEM 13241300x80000000000000003548Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:25.934{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\updater.exe|c1b2e9c223e636df\LinkDate06/29/2023 15:24:53NT AUTHORITY\SYSTEM 13241300x80000000000000003547Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:25.934{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\updater.exe|c1b2e9c223e636df\Publishermozilla foundationNT AUTHORITY\SYSTEM 13241300x80000000000000003546Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:25.934{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\updater.exe|c1b2e9c223e636df\LowerCaseLongPathc:\program files\mozilla firefox\updater.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003545Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:25.934{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\private_browsing|8df236c0e7f5a36b\BinProductVersion115.0.0.0NT AUTHORITY\SYSTEM 13241300x80000000000000003544Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:25.934{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\private_browsing|8df236c0e7f5a36b\LinkDate06/29/2023 15:24:44NT AUTHORITY\SYSTEM 13241300x80000000000000003543Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:25.934{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\private_browsing|8df236c0e7f5a36b\Publishermozilla corporationNT AUTHORITY\SYSTEM 13241300x80000000000000003542Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:25.934{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\private_browsing|8df236c0e7f5a36b\LowerCaseLongPathc:\program files\mozilla firefox\private_browsing.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003541Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:25.934{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\plugin-container|bff6e47ff7f94db5\BinProductVersion115.0.0.0NT AUTHORITY\SYSTEM 13241300x80000000000000003540Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:25.934{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\plugin-container|bff6e47ff7f94db5\LinkDate06/29/2023 15:42:34NT AUTHORITY\SYSTEM 13241300x80000000000000003539Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:25.934{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\plugin-container|bff6e47ff7f94db5\Publishermozilla corporationNT AUTHORITY\SYSTEM 13241300x80000000000000003538Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:25.934{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\plugin-container|bff6e47ff7f94db5\LowerCaseLongPathc:\program files\mozilla firefox\plugin-container.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003537Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:25.919{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pingsender.exe|aaf23943349d4957\BinProductVersion115.0.0.8580NT AUTHORITY\SYSTEM 13241300x80000000000000003536Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:25.919{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pingsender.exe|aaf23943349d4957\LinkDate06/29/2023 15:25:13NT AUTHORITY\SYSTEM 13241300x80000000000000003535Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:25.919{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pingsender.exe|aaf23943349d4957\Publishermozilla foundationNT AUTHORITY\SYSTEM 13241300x80000000000000003534Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:25.919{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pingsender.exe|aaf23943349d4957\LowerCaseLongPathc:\program files\mozilla firefox\pingsender.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003533Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:25.919{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\minidump-analyze|c30fa22ff3f6a149\BinProductVersion115.0.0.8580NT AUTHORITY\SYSTEM 13241300x80000000000000003532Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:25.919{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\minidump-analyze|c30fa22ff3f6a149\LinkDate06/29/2023 15:25:16NT AUTHORITY\SYSTEM 13241300x80000000000000003531Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:25.919{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\minidump-analyze|c30fa22ff3f6a149\Publishermozilla foundationNT AUTHORITY\SYSTEM 13241300x80000000000000003530Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:25.919{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\minidump-analyze|c30fa22ff3f6a149\LowerCaseLongPathc:\program files\mozilla firefox\minidump-analyzer.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003529Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:25.903{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\maintenanceservi|a02830353e4ef7f\BinProductVersion1.0.0.0NT AUTHORITY\SYSTEM 13241300x80000000000000003528Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:25.903{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\maintenanceservi|a02830353e4ef7f\LinkDate07/24/2021 22:21:04NT AUTHORITY\SYSTEM 13241300x80000000000000003527Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:25.903{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\maintenanceservi|a02830353e4ef7f\Publishermozilla corporationNT AUTHORITY\SYSTEM 13241300x80000000000000003526Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:25.903{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\maintenanceservi|a02830353e4ef7f\LowerCaseLongPathc:\program files\mozilla firefox\maintenanceservice_installer.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003525Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:25.903{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\maintenanceservi|97180995320ca115\BinProductVersion115.0.0.8580NT AUTHORITY\SYSTEM 13241300x80000000000000003524Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:25.903{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\maintenanceservi|97180995320ca115\LinkDate06/29/2023 15:25:12NT AUTHORITY\SYSTEM 13241300x80000000000000003523Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:25.903{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\maintenanceservi|97180995320ca115\Publishermozilla foundationNT AUTHORITY\SYSTEM 13241300x80000000000000003522Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:25.903{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\maintenanceservi|97180995320ca115\LowerCaseLongPathc:\program files\mozilla firefox\maintenanceservice.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003521Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:25.903{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\helper.exe|e5fe7566efc548ac\BinProductVersion1.0.0.0NT AUTHORITY\SYSTEM 13241300x80000000000000003520Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:25.903{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\helper.exe|e5fe7566efc548ac\LinkDate07/24/2021 22:21:04NT AUTHORITY\SYSTEM 13241300x80000000000000003519Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:25.903{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\helper.exe|e5fe7566efc548ac\Publishermozilla corporationNT AUTHORITY\SYSTEM 13241300x80000000000000003518Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:25.903{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\helper.exe|e5fe7566efc548ac\LowerCaseLongPathc:\program files\mozilla firefox\uninstall\helper.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003517Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:25.887{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\firefox.exe|ebd16581180f4552\BinProductVersion115.0.0.0NT AUTHORITY\SYSTEM 13241300x80000000000000003516Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:25.887{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\firefox.exe|ebd16581180f4552\LinkDate06/29/2023 15:25:05NT AUTHORITY\SYSTEM 13241300x80000000000000003515Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:25.887{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\firefox.exe|ebd16581180f4552\Publishermozilla corporationNT AUTHORITY\SYSTEM 13241300x80000000000000003514Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:25.887{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\firefox.exe|ebd16581180f4552\LowerCaseLongPathc:\program files\mozilla firefox\firefox.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003513Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:25.871{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\default-browser-|dc77861eecd2248\BinProductVersion115.0.0.8580NT AUTHORITY\SYSTEM 13241300x80000000000000003512Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:25.871{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\default-browser-|dc77861eecd2248\LinkDate06/29/2023 15:31:50NT AUTHORITY\SYSTEM 13241300x80000000000000003511Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:25.871{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\default-browser-|dc77861eecd2248\Publishermozilla foundationNT AUTHORITY\SYSTEM 13241300x80000000000000003510Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:25.871{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\default-browser-|dc77861eecd2248\LowerCaseLongPathc:\program files\mozilla firefox\default-browser-agent.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003509Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:25.856{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\crashreporter.ex|63c55d3d1009672b\BinProductVersion115.0.0.8580NT AUTHORITY\SYSTEM 13241300x80000000000000003508Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:25.856{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\crashreporter.ex|63c55d3d1009672b\LinkDate06/29/2023 15:25:49NT AUTHORITY\SYSTEM 13241300x80000000000000003507Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:25.856{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\crashreporter.ex|63c55d3d1009672b\Publishermozilla foundationNT AUTHORITY\SYSTEM 13241300x80000000000000003506Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:25.856{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\crashreporter.ex|63c55d3d1009672b\LowerCaseLongPathc:\program files\mozilla firefox\crashreporter.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003999Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-remote-http.|7c133653a586f83\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000003998Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-remote-http.|7c133653a586f83\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000003997Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-remote-http.|7c133653a586f83\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000003996Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-remote-http.|7c133653a586f83\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-remote-http.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003995Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.950{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-remote-ftps.|3aad054899c73a4b\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000003994Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.950{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-remote-ftps.|3aad054899c73a4b\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000003993Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.950{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-remote-ftps.|3aad054899c73a4b\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000003992Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.950{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-remote-ftps.|3aad054899c73a4b\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-remote-ftps.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003991Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.934{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-remote-ftp.e|a2604470889ec908\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000003990Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.934{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-remote-ftp.e|a2604470889ec908\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000003989Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.934{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-remote-ftp.e|a2604470889ec908\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000003988Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.934{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-remote-ftp.e|a2604470889ec908\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-remote-ftp.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003987Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.887{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-receive-pack|8e78e4fb26db059a\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000003986Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.887{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-receive-pack|8e78e4fb26db059a\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000003985Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.887{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-receive-pack|8e78e4fb26db059a\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000003984Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.887{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-receive-pack|8e78e4fb26db059a\LowerCaseLongPathc:\program files\git\mingw64\bin\git-receive-pack.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003983Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.872{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-lfs.exe|a5073c52b01e7b5b\BinProductVersion0.0.0.0NT AUTHORITY\SYSTEM 13241300x80000000000000003982Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.872{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-lfs.exe|a5073c52b01e7b5b\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000003981Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.872{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-lfs.exe|a5073c52b01e7b5b\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003980Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.872{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-lfs.exe|a5073c52b01e7b5b\LowerCaseLongPathc:\program files\git\mingw64\bin\git-lfs.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003979Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.794{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-lfs.exe|5a5fd3616aa3e5b5\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000003978Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.794{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-lfs.exe|5a5fd3616aa3e5b5\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000003977Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.794{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-lfs.exe|5a5fd3616aa3e5b5\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000003976Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.794{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-lfs.exe|5a5fd3616aa3e5b5\LowerCaseLongPathc:\program files\git\cmd\git-lfs.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003975Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.794{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-imap-send.ex|b89b2f1409a90d85\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000003974Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.794{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-imap-send.ex|b89b2f1409a90d85\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000003973Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.794{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-imap-send.ex|b89b2f1409a90d85\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000003972Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.794{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-imap-send.ex|b89b2f1409a90d85\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-imap-send.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003971Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.778{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-http-push.ex|68d3cf7d040e7329\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000003970Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.778{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-http-push.ex|68d3cf7d040e7329\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000003969Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.778{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-http-push.ex|68d3cf7d040e7329\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000003968Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.778{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-http-push.ex|68d3cf7d040e7329\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-http-push.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003967Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.747{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-http-fetch.e|ab1d6cbc9e29e771\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000003966Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.747{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-http-fetch.e|ab1d6cbc9e29e771\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000003965Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.747{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-http-fetch.e|ab1d6cbc9e29e771\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000003964Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.747{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-http-fetch.e|ab1d6cbc9e29e771\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-http-fetch.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003963Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.731{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-http-backend|bf2a9779f0e0f190\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000003962Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.731{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-http-backend|bf2a9779f0e0f190\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000003961Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.731{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-http-backend|bf2a9779f0e0f190\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000003960Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.731{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-http-backend|bf2a9779f0e0f190\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-http-backend.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003959Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-gui.exe|d3e16d00d6d9753e\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000003958Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-gui.exe|d3e16d00d6d9753e\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000003957Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-gui.exe|d3e16d00d6d9753e\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000003956Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-gui.exe|d3e16d00d6d9753e\LowerCaseLongPathc:\program files\git\cmd\git-gui.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003955Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-daemon.exe|4df8efdd24573ae6\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000003954Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-daemon.exe|4df8efdd24573ae6\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000003953Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-daemon.exe|4df8efdd24573ae6\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000003952Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-daemon.exe|4df8efdd24573ae6\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-daemon.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003951Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-credential-w|dd4fe27e45e1fd6b\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003950Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-credential-w|dd4fe27e45e1fd6b\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000003949Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-credential-w|dd4fe27e45e1fd6b\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003948Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-credential-w|dd4fe27e45e1fd6b\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-credential-wincred.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003947Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-credential-m|b01c0b354a60e1d8\BinProductVersion2.1.2.0NT AUTHORITY\SYSTEM 13241300x80000000000000003946Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-credential-m|b01c0b354a60e1d8\LinkDate12/23/2092 08:11:48NT AUTHORITY\SYSTEM 13241300x80000000000000003945Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-credential-m|b01c0b354a60e1d8\Publishergit-credential-managerNT AUTHORITY\SYSTEM 13241300x80000000000000003944Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-credential-m|b01c0b354a60e1d8\LowerCaseLongPathc:\program files\git\mingw64\bin\git-credential-manager.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003943Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-credential-m|68986ac338ae44eb\BinProductVersion2.1.2.0NT AUTHORITY\SYSTEM 13241300x80000000000000003942Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-credential-m|68986ac338ae44eb\LinkDate12/23/2092 08:11:48NT AUTHORITY\SYSTEM 13241300x80000000000000003941Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-credential-m|68986ac338ae44eb\Publishergit-credential-managerNT AUTHORITY\SYSTEM 13241300x80000000000000003940Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-credential-m|68986ac338ae44eb\LowerCaseLongPathc:\program files\git\mingw64\bin\git-credential-manager-core.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003939Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-credential-m|47ee54a0a2f4693e\BinProductVersion2.1.2.0NT AUTHORITY\SYSTEM 13241300x80000000000000003938Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-credential-m|47ee54a0a2f4693e\LinkDate07/15/2096 15:44:33NT AUTHORITY\SYSTEM 13241300x80000000000000003937Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-credential-m|47ee54a0a2f4693e\Publishergit-credential-manager-uiNT AUTHORITY\SYSTEM 13241300x80000000000000003936Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-credential-m|47ee54a0a2f4693e\LowerCaseLongPathc:\program files\git\mingw64\bin\git-credential-manager-ui.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003935Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-credential-h|e6dcddb0bd298778\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003934Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-credential-h|e6dcddb0bd298778\LinkDate05/01/2023 20:06:59NT AUTHORITY\SYSTEM 13241300x80000000000000003933Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-credential-h|e6dcddb0bd298778\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003932Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-credential-h|e6dcddb0bd298778\LowerCaseLongPathc:\program files\git\mingw64\bin\git-credential-helper-selector.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003931Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-cmd.exe|7955156508a74f3e\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000003930Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-cmd.exe|7955156508a74f3e\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000003929Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-cmd.exe|7955156508a74f3e\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000003928Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-cmd.exe|7955156508a74f3e\LowerCaseLongPathc:\program files\git\git-cmd.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003927Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-bash.exe|bb55e09d0018cc9\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000003926Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-bash.exe|bb55e09d0018cc9\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000003925Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-bash.exe|bb55e09d0018cc9\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000003924Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-bash.exe|bb55e09d0018cc9\LowerCaseLongPathc:\program files\git\git-bash.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003923Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-askyesno.exe|307382c653791a6b\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003922Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-askyesno.exe|307382c653791a6b\LinkDate05/01/2023 20:06:59NT AUTHORITY\SYSTEM 13241300x80000000000000003921Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-askyesno.exe|307382c653791a6b\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003920Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-askyesno.exe|307382c653791a6b\LowerCaseLongPathc:\program files\git\mingw64\bin\git-askyesno.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003919Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-askpass.exe|e2b400b31b8b5d22\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003918Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-askpass.exe|e2b400b31b8b5d22\LinkDate05/01/2023 20:06:59NT AUTHORITY\SYSTEM 13241300x80000000000000003917Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-askpass.exe|e2b400b31b8b5d22\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003916Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-askpass.exe|e2b400b31b8b5d22\LowerCaseLongPathc:\program files\git\mingw64\bin\git-askpass.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003915Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gettext.exe|8596cb6c6d32afb4\BinProductVersion0.21.0.0NT AUTHORITY\SYSTEM 13241300x80000000000000003914Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gettext.exe|8596cb6c6d32afb4\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000003913Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gettext.exe|8596cb6c6d32afb4\Publisherfree software foundationNT AUTHORITY\SYSTEM 13241300x80000000000000003912Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gettext.exe|8596cb6c6d32afb4\LowerCaseLongPathc:\program files\git\usr\bin\gettext.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003911Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gettext.exe|3980488749a39656\BinProductVersion0.21.1.0NT AUTHORITY\SYSTEM 13241300x80000000000000003910Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gettext.exe|3980488749a39656\LinkDate01/23/2023 07:56:40NT AUTHORITY\SYSTEM 13241300x80000000000000003909Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gettext.exe|3980488749a39656\Publisherfree software foundationNT AUTHORITY\SYSTEM 13241300x80000000000000003908Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gettext.exe|3980488749a39656\LowerCaseLongPathc:\program files\git\mingw64\bin\gettext.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003907Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\getprocaddr64.ex|683e30977215239e\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003906Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\getprocaddr64.ex|683e30977215239e\LinkDate05/18/2023 20:44:04NT AUTHORITY\SYSTEM 13241300x80000000000000003905Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\getprocaddr64.ex|683e30977215239e\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003904Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\getprocaddr64.ex|683e30977215239e\LowerCaseLongPathc:\program files\git\usr\libexec\getprocaddr64.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003903Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.559{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\getprocaddr32.ex|11de5925d9c6baa7\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003902Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.559{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\getprocaddr32.ex|11de5925d9c6baa7\LinkDate05/18/2023 20:44:04NT AUTHORITY\SYSTEM 13241300x80000000000000003901Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.559{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\getprocaddr32.ex|11de5925d9c6baa7\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003900Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.559{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\getprocaddr32.ex|11de5925d9c6baa7\LowerCaseLongPathc:\program files\git\usr\libexec\getprocaddr32.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003899Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.559{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\getopt.exe|b37205341d75e599\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003898Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.559{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\getopt.exe|b37205341d75e599\LinkDate10/22/2022 18:35:44NT AUTHORITY\SYSTEM 13241300x80000000000000003897Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.559{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\getopt.exe|b37205341d75e599\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003896Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.559{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\getopt.exe|b37205341d75e599\LowerCaseLongPathc:\program files\git\usr\bin\getopt.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003895Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.559{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\getfacl.exe|69b0f93924f494f7\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003894Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.559{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\getfacl.exe|69b0f93924f494f7\LinkDate05/18/2023 20:44:25NT AUTHORITY\SYSTEM 13241300x80000000000000003893Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.559{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\getfacl.exe|69b0f93924f494f7\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003892Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.559{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\getfacl.exe|69b0f93924f494f7\LowerCaseLongPathc:\program files\git\usr\bin\getfacl.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003891Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.559{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\getconf.exe|c7f6d864684a6d19\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003890Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.559{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\getconf.exe|c7f6d864684a6d19\LinkDate05/18/2023 20:44:25NT AUTHORITY\SYSTEM 13241300x80000000000000003889Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.559{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\getconf.exe|c7f6d864684a6d19\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003888Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.559{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\getconf.exe|c7f6d864684a6d19\LowerCaseLongPathc:\program files\git\usr\bin\getconf.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003887Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gencat.exe|89f29a911ad31f09\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003886Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gencat.exe|89f29a911ad31f09\LinkDate05/18/2023 20:44:25NT AUTHORITY\SYSTEM 13241300x80000000000000003885Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gencat.exe|89f29a911ad31f09\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003884Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gencat.exe|89f29a911ad31f09\LowerCaseLongPathc:\program files\git\usr\bin\gencat.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003883Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gawk.exe|33613608746cae13\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003882Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gawk.exe|33613608746cae13\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000003881Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gawk.exe|33613608746cae13\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003880Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gawk.exe|33613608746cae13\LowerCaseLongPathc:\program files\git\usr\bin\gawk.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003879Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gawk-5.0.0.exe|709e9d005b0b4928\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003878Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gawk-5.0.0.exe|709e9d005b0b4928\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000003877Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gawk-5.0.0.exe|709e9d005b0b4928\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003876Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gawk-5.0.0.exe|709e9d005b0b4928\LowerCaseLongPathc:\program files\git\usr\bin\gawk-5.0.0.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003875Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\funzip.exe|8d9537366e67e65c\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003874Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\funzip.exe|8d9537366e67e65c\LinkDate05/08/2031 18:06:26NT AUTHORITY\SYSTEM 13241300x80000000000000003873Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\funzip.exe|8d9537366e67e65c\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003872Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\funzip.exe|8d9537366e67e65c\LowerCaseLongPathc:\program files\git\usr\bin\funzip.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003871Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\frcode.exe|c02ff0fb50c67deb\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003870Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\frcode.exe|c02ff0fb50c67deb\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000003869Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\frcode.exe|c02ff0fb50c67deb\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003868Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\frcode.exe|c02ff0fb50c67deb\LowerCaseLongPathc:\program files\git\usr\libexec\frcode.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003867Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\fold.exe|84163f1e2201dd71\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003866Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\fold.exe|84163f1e2201dd71\LinkDate11/15/2022 17:18:48NT AUTHORITY\SYSTEM 13241300x80000000000000003865Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\fold.exe|84163f1e2201dd71\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003864Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\fold.exe|84163f1e2201dd71\LowerCaseLongPathc:\program files\git\usr\bin\fold.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003863Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.512{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\fmt.exe|74780154d3c66e14\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003862Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.512{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\fmt.exe|74780154d3c66e14\LinkDate11/15/2022 17:18:47NT AUTHORITY\SYSTEM 13241300x80000000000000003861Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.512{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\fmt.exe|74780154d3c66e14\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003860Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.512{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\fmt.exe|74780154d3c66e14\LowerCaseLongPathc:\program files\git\usr\bin\fmt.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003859Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.512{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\find.exe|d79fa77470677f17\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003858Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.512{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\find.exe|d79fa77470677f17\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000003857Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.512{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\find.exe|d79fa77470677f17\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003856Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.512{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\find.exe|d79fa77470677f17\LowerCaseLongPathc:\program files\git\usr\bin\find.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003855Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.512{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\file.exe|9412a967e2d15f0f\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003854Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.512{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\file.exe|9412a967e2d15f0f\LinkDate02/15/2023 08:59:22NT AUTHORITY\SYSTEM 13241300x80000000000000003853Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.512{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\file.exe|9412a967e2d15f0f\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003852Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.512{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\file.exe|9412a967e2d15f0f\LowerCaseLongPathc:\program files\git\usr\bin\file.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003851Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\false.exe|8d9fec6786dfc816\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003850Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\false.exe|8d9fec6786dfc816\LinkDate11/15/2022 17:18:47NT AUTHORITY\SYSTEM 13241300x80000000000000003849Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\false.exe|8d9fec6786dfc816\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003848Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\false.exe|8d9fec6786dfc816\LowerCaseLongPathc:\program files\git\usr\bin\false.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003847Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\factor.exe|b56619397de59334\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003846Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\factor.exe|b56619397de59334\LinkDate11/15/2022 17:18:47NT AUTHORITY\SYSTEM 13241300x80000000000000003845Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\factor.exe|b56619397de59334\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003844Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\factor.exe|b56619397de59334\LowerCaseLongPathc:\program files\git\usr\bin\factor.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003843Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\expr.exe|2052e3951d88a155\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003842Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\expr.exe|2052e3951d88a155\LinkDate11/15/2022 17:18:46NT AUTHORITY\SYSTEM 13241300x80000000000000003841Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\expr.exe|2052e3951d88a155\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003840Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\expr.exe|2052e3951d88a155\LowerCaseLongPathc:\program files\git\usr\bin\expr.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003839Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\expand.exe|48fc5987fb05c50d\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003838Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\expand.exe|48fc5987fb05c50d\LinkDate11/15/2022 17:18:46NT AUTHORITY\SYSTEM 13241300x80000000000000003837Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\expand.exe|48fc5987fb05c50d\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003836Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\expand.exe|48fc5987fb05c50d\LowerCaseLongPathc:\program files\git\usr\bin\expand.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003835Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ex.exe|a5705edbed8fc6c4\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003834Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ex.exe|a5705edbed8fc6c4\LinkDate03/13/2023 19:58:40NT AUTHORITY\SYSTEM 13241300x80000000000000003833Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ex.exe|a5705edbed8fc6c4\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003832Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ex.exe|a5705edbed8fc6c4\LowerCaseLongPathc:\program files\git\usr\bin\ex.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003831Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.403{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\envsubst.exe|eadcd0623e89b9ae\BinProductVersion0.21.1.0NT AUTHORITY\SYSTEM 13241300x80000000000000003830Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.403{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\envsubst.exe|eadcd0623e89b9ae\LinkDate01/23/2023 07:56:40NT AUTHORITY\SYSTEM 13241300x80000000000000003829Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.403{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\envsubst.exe|eadcd0623e89b9ae\Publisherfree software foundationNT AUTHORITY\SYSTEM 13241300x80000000000000003828Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.403{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\envsubst.exe|eadcd0623e89b9ae\LowerCaseLongPathc:\program files\git\mingw64\bin\envsubst.exeNT AUTHORITY\SYSTEM 154100x80000000000000003827Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:29:26.382{08CB57FB-C166-64AB-C700-00000000FA02}332C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 13241300x80000000000000003826Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\envsubst.exe|660c72e4fd95bfd4\BinProductVersion0.21.0.0NT AUTHORITY\SYSTEM 13241300x80000000000000003825Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\envsubst.exe|660c72e4fd95bfd4\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000003824Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\envsubst.exe|660c72e4fd95bfd4\Publisherfree software foundationNT AUTHORITY\SYSTEM 13241300x80000000000000003823Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\envsubst.exe|660c72e4fd95bfd4\LowerCaseLongPathc:\program files\git\usr\bin\envsubst.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003822Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\env.exe|7508509d7b06f998\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003821Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\env.exe|7508509d7b06f998\LinkDate11/15/2022 17:18:46NT AUTHORITY\SYSTEM 13241300x80000000000000003820Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\env.exe|7508509d7b06f998\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003819Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\env.exe|7508509d7b06f998\LowerCaseLongPathc:\program files\git\usr\bin\env.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003818Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\edit_test_dll.ex|2cd5024859c22e2e\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003817Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\edit_test_dll.ex|2cd5024859c22e2e\LinkDate05/22/2023 17:23:49NT AUTHORITY\SYSTEM 13241300x80000000000000003816Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\edit_test_dll.ex|2cd5024859c22e2e\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003815Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\edit_test_dll.ex|2cd5024859c22e2e\LowerCaseLongPathc:\program files\git\mingw64\bin\edit_test_dll.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003814Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\edit_test.exe|e47ad3e671162baa\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003813Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\edit_test.exe|e47ad3e671162baa\LinkDate05/22/2023 17:23:49NT AUTHORITY\SYSTEM 13241300x80000000000000003812Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\edit_test.exe|e47ad3e671162baa\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003811Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\edit_test.exe|e47ad3e671162baa\LowerCaseLongPathc:\program files\git\mingw64\bin\edit_test.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003810Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\edit-git-bash.ex|c4b83d4312564a9\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003809Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\edit-git-bash.ex|c4b83d4312564a9\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000003808Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\edit-git-bash.ex|c4b83d4312564a9\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003807Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\edit-git-bash.ex|c4b83d4312564a9\LowerCaseLongPathc:\program files\git\mingw64\share\git\edit-git-bash.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003806Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.340{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\echo.exe|263446599120623a\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003805Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.340{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\echo.exe|263446599120623a\LinkDate11/15/2022 17:18:46NT AUTHORITY\SYSTEM 13241300x80000000000000003804Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.340{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\echo.exe|263446599120623a\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003803Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.340{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\echo.exe|263446599120623a\LowerCaseLongPathc:\program files\git\usr\bin\echo.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003802Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.340{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dumpsexp.exe|45a2659c07e3df2c\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003801Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.340{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dumpsexp.exe|45a2659c07e3df2c\LinkDate05/02/2023 06:40:37NT AUTHORITY\SYSTEM 13241300x80000000000000003800Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.340{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dumpsexp.exe|45a2659c07e3df2c\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003799Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.340{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dumpsexp.exe|45a2659c07e3df2c\LowerCaseLongPathc:\program files\git\usr\bin\dumpsexp.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003798Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.340{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\du.exe|2b10b32847099da7\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003797Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.340{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\du.exe|2b10b32847099da7\LinkDate11/15/2022 17:18:45NT AUTHORITY\SYSTEM 13241300x80000000000000003796Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.340{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\du.exe|2b10b32847099da7\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003795Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.340{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\du.exe|2b10b32847099da7\LowerCaseLongPathc:\program files\git\usr\bin\du.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003794Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.340{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dos2unix.exe|e819f56941027f1c\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003793Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.340{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dos2unix.exe|e819f56941027f1c\LinkDate05/18/2023 20:45:17NT AUTHORITY\SYSTEM 13241300x80000000000000003792Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.340{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dos2unix.exe|e819f56941027f1c\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003791Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.340{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dos2unix.exe|e819f56941027f1c\LowerCaseLongPathc:\program files\git\usr\bin\dos2unix.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003790Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.340{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dirname.exe|b029038512034ced\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003789Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.340{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dirname.exe|b029038512034ced\LinkDate11/15/2022 17:18:45NT AUTHORITY\SYSTEM 13241300x80000000000000003788Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.340{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dirname.exe|b029038512034ced\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003787Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.340{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dirname.exe|b029038512034ced\LowerCaseLongPathc:\program files\git\usr\bin\dirname.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003786Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.340{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dirmngr.exe|fe24969724873327\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003785Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.340{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dirmngr.exe|fe24969724873327\LinkDate05/02/2023 09:09:36NT AUTHORITY\SYSTEM 13241300x80000000000000003784Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.340{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dirmngr.exe|fe24969724873327\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003783Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.340{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dirmngr.exe|fe24969724873327\LowerCaseLongPathc:\program files\git\usr\bin\dirmngr.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003782Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dirmngr-client.e|d59c8fc399717975\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003781Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dirmngr-client.e|d59c8fc399717975\LinkDate05/02/2023 09:09:35NT AUTHORITY\SYSTEM 13241300x80000000000000003780Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dirmngr-client.e|d59c8fc399717975\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003779Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dirmngr-client.e|d59c8fc399717975\LowerCaseLongPathc:\program files\git\usr\bin\dirmngr-client.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003778Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dircolors.exe|2c054bf1c4846ccd\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003777Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dircolors.exe|2c054bf1c4846ccd\LinkDate11/15/2022 17:18:45NT AUTHORITY\SYSTEM 13241300x80000000000000003776Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dircolors.exe|2c054bf1c4846ccd\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003775Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dircolors.exe|2c054bf1c4846ccd\LowerCaseLongPathc:\program files\git\usr\bin\dircolors.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003774Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dir.exe|100b2e6a725becca\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003773Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dir.exe|100b2e6a725becca\LinkDate11/15/2022 17:18:44NT AUTHORITY\SYSTEM 13241300x80000000000000003772Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dir.exe|100b2e6a725becca\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003771Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dir.exe|100b2e6a725becca\LowerCaseLongPathc:\program files\git\usr\bin\dir.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003770Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\diff3.exe|db0f57bb42b2e275\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003769Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\diff3.exe|db0f57bb42b2e275\LinkDate03/12/2023 10:58:00NT AUTHORITY\SYSTEM 13241300x80000000000000003768Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\diff3.exe|db0f57bb42b2e275\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003767Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\diff3.exe|db0f57bb42b2e275\LowerCaseLongPathc:\program files\git\usr\bin\diff3.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003766Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\diff.exe|c7ecb5c4d9c537e1\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003765Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\diff.exe|c7ecb5c4d9c537e1\LinkDate03/12/2023 10:58:00NT AUTHORITY\SYSTEM 13241300x80000000000000003764Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\diff.exe|c7ecb5c4d9c537e1\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003763Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\diff.exe|c7ecb5c4d9c537e1\LowerCaseLongPathc:\program files\git\usr\bin\diff.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003762Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\df.exe|65dd80792ce5f665\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003761Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\df.exe|65dd80792ce5f665\LinkDate11/15/2022 17:18:44NT AUTHORITY\SYSTEM 13241300x80000000000000003760Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\df.exe|65dd80792ce5f665\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003759Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\df.exe|65dd80792ce5f665\LowerCaseLongPathc:\program files\git\usr\bin\df.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003758Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.293{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dd.exe|d6bffb363596af3e\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003757Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.293{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dd.exe|d6bffb363596af3e\LinkDate11/15/2022 17:18:44NT AUTHORITY\SYSTEM 13241300x80000000000000003756Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.293{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dd.exe|d6bffb363596af3e\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003755Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.293{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dd.exe|d6bffb363596af3e\LowerCaseLongPathc:\program files\git\usr\bin\dd.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003754Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.293{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\date.exe|15400b5e3ba75572\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003753Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.293{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\date.exe|15400b5e3ba75572\LinkDate11/15/2022 17:18:44NT AUTHORITY\SYSTEM 13241300x80000000000000003752Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.293{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\date.exe|15400b5e3ba75572\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003751Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.293{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\date.exe|15400b5e3ba75572\LowerCaseLongPathc:\program files\git\usr\bin\date.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003750Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.293{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dash.exe|d7e7d55ce6ee5457\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003749Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.293{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dash.exe|d7e7d55ce6ee5457\LinkDate01/24/2023 19:51:44NT AUTHORITY\SYSTEM 13241300x80000000000000003748Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.293{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dash.exe|d7e7d55ce6ee5457\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003747Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.293{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dash.exe|d7e7d55ce6ee5457\LowerCaseLongPathc:\program files\git\usr\bin\dash.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003746Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.293{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\d2u.exe|9a42254ebeca6f7a\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003745Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.293{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\d2u.exe|9a42254ebeca6f7a\LinkDate05/18/2023 20:45:17NT AUTHORITY\SYSTEM 13241300x80000000000000003744Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.293{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\d2u.exe|9a42254ebeca6f7a\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003743Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.293{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\d2u.exe|9a42254ebeca6f7a\LowerCaseLongPathc:\program files\git\usr\bin\d2u.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003742Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.263{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cygwin-console-h|5323f22aa324e252\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003741Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.263{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cygwin-console-h|5323f22aa324e252\LinkDate05/18/2023 20:44:04NT AUTHORITY\SYSTEM 13241300x80000000000000003740Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.263{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cygwin-console-h|5323f22aa324e252\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003739Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.263{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cygwin-console-h|5323f22aa324e252\LowerCaseLongPathc:\program files\git\usr\bin\cygwin-console-helper.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003738Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.263{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cygpath.exe|89e407d49466bcd8\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003737Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.263{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cygpath.exe|89e407d49466bcd8\LinkDate05/18/2023 20:44:25NT AUTHORITY\SYSTEM 13241300x80000000000000003736Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.263{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cygpath.exe|89e407d49466bcd8\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003735Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.263{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cygpath.exe|89e407d49466bcd8\LowerCaseLongPathc:\program files\git\usr\bin\cygpath.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003734Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cygcheck.exe|6a2038f6387fe2d8\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003733Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cygcheck.exe|6a2038f6387fe2d8\LinkDate05/18/2023 20:44:04NT AUTHORITY\SYSTEM 13241300x80000000000000003732Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cygcheck.exe|6a2038f6387fe2d8\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003731Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cygcheck.exe|6a2038f6387fe2d8\LowerCaseLongPathc:\program files\git\usr\bin\cygcheck.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003730Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cut.exe|19b3f09ad648b49b\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003729Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cut.exe|19b3f09ad648b49b\LinkDate11/15/2022 17:18:43NT AUTHORITY\SYSTEM 13241300x80000000000000003728Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cut.exe|19b3f09ad648b49b\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003727Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cut.exe|19b3f09ad648b49b\LowerCaseLongPathc:\program files\git\usr\bin\cut.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003726Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\curl.exe|34ac32e380c639e7\BinProductVersion8.1.2.0NT AUTHORITY\SYSTEM 13241300x80000000000000003725Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\curl.exe|34ac32e380c639e7\LinkDate05/30/2023 08:40:36NT AUTHORITY\SYSTEM 13241300x80000000000000003724Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\curl.exe|34ac32e380c639e7\Publishercurl, https://curl.se/NT AUTHORITY\SYSTEM 13241300x80000000000000003723Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\curl.exe|34ac32e380c639e7\LowerCaseLongPathc:\program files\git\mingw64\bin\curl.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003722Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\csplit.exe|86edd40dc8e531c1\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003721Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\csplit.exe|86edd40dc8e531c1\LinkDate11/15/2022 17:18:43NT AUTHORITY\SYSTEM 13241300x80000000000000003720Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\csplit.exe|86edd40dc8e531c1\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003719Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\csplit.exe|86edd40dc8e531c1\LowerCaseLongPathc:\program files\git\usr\bin\csplit.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003718Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\create-shortcut.|7be1e57c6a9b6d74\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003717Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\create-shortcut.|7be1e57c6a9b6d74\LinkDate05/01/2023 20:06:59NT AUTHORITY\SYSTEM 13241300x80000000000000003716Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\create-shortcut.|7be1e57c6a9b6d74\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003715Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\create-shortcut.|7be1e57c6a9b6d74\LowerCaseLongPathc:\program files\git\mingw64\bin\create-shortcut.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003714Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cp.exe|a9aa2ba1cc55a1d1\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003713Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cp.exe|a9aa2ba1cc55a1d1\LinkDate11/15/2022 17:18:43NT AUTHORITY\SYSTEM 13241300x80000000000000003712Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cp.exe|a9aa2ba1cc55a1d1\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003711Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cp.exe|a9aa2ba1cc55a1d1\LowerCaseLongPathc:\program files\git\usr\bin\cp.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003710Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.215{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\connect.exe|98a1b69f7698c1b1\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003709Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.215{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\connect.exe|98a1b69f7698c1b1\LinkDate04/07/2023 21:14:54NT AUTHORITY\SYSTEM 13241300x80000000000000003708Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.215{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\connect.exe|98a1b69f7698c1b1\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003707Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.215{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\connect.exe|98a1b69f7698c1b1\LowerCaseLongPathc:\program files\git\mingw64\bin\connect.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003706Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.215{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\compat-bash.exe|2353d7f66f7d8a47\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000003705Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.215{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\compat-bash.exe|2353d7f66f7d8a47\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000003704Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.215{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\compat-bash.exe|2353d7f66f7d8a47\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000003703Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.215{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\compat-bash.exe|2353d7f66f7d8a47\LowerCaseLongPathc:\program files\git\mingw64\share\git\compat-bash.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003702Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.215{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\comm.exe|9b9df3e9f04bb630\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003701Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.215{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\comm.exe|9b9df3e9f04bb630\LinkDate11/15/2022 17:18:43NT AUTHORITY\SYSTEM 13241300x80000000000000003700Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.215{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\comm.exe|9b9df3e9f04bb630\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003699Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.215{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\comm.exe|9b9df3e9f04bb630\LowerCaseLongPathc:\program files\git\usr\bin\comm.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003698Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.215{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\column.exe|a0a6e93c07d1168\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003697Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.215{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\column.exe|a0a6e93c07d1168\LinkDate10/22/2022 18:35:42NT AUTHORITY\SYSTEM 13241300x80000000000000003696Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.215{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\column.exe|a0a6e93c07d1168\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003695Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.215{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\column.exe|a0a6e93c07d1168\LowerCaseLongPathc:\program files\git\usr\bin\column.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003694Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.215{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cmp.exe|de6ed9764cfeeb7f\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003693Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.215{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cmp.exe|de6ed9764cfeeb7f\LinkDate03/12/2023 10:58:00NT AUTHORITY\SYSTEM 13241300x80000000000000003692Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.215{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cmp.exe|de6ed9764cfeeb7f\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003691Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.215{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cmp.exe|de6ed9764cfeeb7f\LowerCaseLongPathc:\program files\git\usr\bin\cmp.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003690Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\clear.exe|23d1f6608a1d3194\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003689Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\clear.exe|23d1f6608a1d3194\LinkDate01/29/2023 10:00:13NT AUTHORITY\SYSTEM 13241300x80000000000000003688Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\clear.exe|23d1f6608a1d3194\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003687Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\clear.exe|23d1f6608a1d3194\LowerCaseLongPathc:\program files\git\usr\bin\clear.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003686Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cldr-plurals.exe|acec4b705bc23965\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003685Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cldr-plurals.exe|acec4b705bc23965\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000003684Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cldr-plurals.exe|acec4b705bc23965\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003683Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cldr-plurals.exe|acec4b705bc23965\LowerCaseLongPathc:\program files\git\usr\lib\gettext\cldr-plurals.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003682Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cksum.exe|877b1cc41ae31cae\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003681Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cksum.exe|877b1cc41ae31cae\LinkDate11/15/2022 17:18:42NT AUTHORITY\SYSTEM 13241300x80000000000000003680Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cksum.exe|877b1cc41ae31cae\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003679Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cksum.exe|877b1cc41ae31cae\LowerCaseLongPathc:\program files\git\usr\bin\cksum.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003678Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\chroot.exe|699e7ae138a98a36\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003677Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\chroot.exe|699e7ae138a98a36\LinkDate11/15/2022 17:18:42NT AUTHORITY\SYSTEM 13241300x80000000000000003676Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\chroot.exe|699e7ae138a98a36\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003675Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\chroot.exe|699e7ae138a98a36\LowerCaseLongPathc:\program files\git\usr\bin\chroot.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003674Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\chown.exe|6e51d9aedefdf80f\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003673Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\chown.exe|6e51d9aedefdf80f\LinkDate11/15/2022 17:18:42NT AUTHORITY\SYSTEM 13241300x80000000000000003672Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\chown.exe|6e51d9aedefdf80f\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003671Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\chown.exe|6e51d9aedefdf80f\LowerCaseLongPathc:\program files\git\usr\bin\chown.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003670Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\chmod.exe|e3ddbff0fcd6c5e6\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003669Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\chmod.exe|e3ddbff0fcd6c5e6\LinkDate11/15/2022 17:18:41NT AUTHORITY\SYSTEM 13241300x80000000000000003668Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\chmod.exe|e3ddbff0fcd6c5e6\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003667Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\chmod.exe|e3ddbff0fcd6c5e6\LowerCaseLongPathc:\program files\git\usr\bin\chmod.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003666Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\chgrp.exe|bb039b4cd0c6f545\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003665Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\chgrp.exe|bb039b4cd0c6f545\LinkDate11/15/2022 17:18:41NT AUTHORITY\SYSTEM 13241300x80000000000000003664Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\chgrp.exe|bb039b4cd0c6f545\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003663Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\chgrp.exe|bb039b4cd0c6f545\LowerCaseLongPathc:\program files\git\usr\bin\chgrp.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003662Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\chcon.exe|8f0fac908d5773b6\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003661Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\chcon.exe|8f0fac908d5773b6\LinkDate11/15/2022 17:18:41NT AUTHORITY\SYSTEM 13241300x80000000000000003660Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\chcon.exe|8f0fac908d5773b6\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003659Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\chcon.exe|8f0fac908d5773b6\LowerCaseLongPathc:\program files\git\usr\bin\chcon.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003658Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\chattr.exe|29db3d1af543269b\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003657Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\chattr.exe|29db3d1af543269b\LinkDate05/18/2023 20:44:24NT AUTHORITY\SYSTEM 13241300x80000000000000003656Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\chattr.exe|29db3d1af543269b\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003655Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\chattr.exe|29db3d1af543269b\LowerCaseLongPathc:\program files\git\usr\bin\chattr.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003654Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cat.exe|c9bdbcd78462df5e\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003653Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cat.exe|c9bdbcd78462df5e\LinkDate11/15/2022 17:18:41NT AUTHORITY\SYSTEM 13241300x80000000000000003652Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cat.exe|c9bdbcd78462df5e\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003651Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\cat.exe|c9bdbcd78462df5e\LowerCaseLongPathc:\program files\git\usr\bin\cat.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003650Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.158{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\captoinfo.exe|ae170334068304db\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003649Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.158{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\captoinfo.exe|ae170334068304db\LinkDate01/29/2023 10:00:12NT AUTHORITY\SYSTEM 13241300x80000000000000003648Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.158{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\captoinfo.exe|ae170334068304db\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003647Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.158{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\captoinfo.exe|ae170334068304db\LowerCaseLongPathc:\program files\git\usr\bin\captoinfo.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003646Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bzip2recover.exe|7b4916700fd7fa54\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003645Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bzip2recover.exe|7b4916700fd7fa54\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000003644Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bzip2recover.exe|7b4916700fd7fa54\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003643Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bzip2recover.exe|7b4916700fd7fa54\LowerCaseLongPathc:\program files\git\mingw64\bin\bzip2recover.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003642Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bzip2recover.exe|6fb043bab87a8c4c\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003641Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bzip2recover.exe|6fb043bab87a8c4c\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000003640Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bzip2recover.exe|6fb043bab87a8c4c\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003639Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bzip2recover.exe|6fb043bab87a8c4c\LowerCaseLongPathc:\program files\git\usr\bin\bzip2recover.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003638Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bzip2.exe|cecf80293919b675\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003637Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bzip2.exe|cecf80293919b675\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000003636Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bzip2.exe|cecf80293919b675\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003635Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bzip2.exe|cecf80293919b675\LowerCaseLongPathc:\program files\git\mingw64\bin\bzip2.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003634Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bzip2.exe|6e87155dac2f4c04\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003633Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bzip2.exe|6e87155dac2f4c04\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000003632Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bzip2.exe|6e87155dac2f4c04\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003631Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bzip2.exe|6e87155dac2f4c04\LowerCaseLongPathc:\program files\git\usr\bin\bzip2.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003630Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bzcat.exe|5bd95ec17b3dd431\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003629Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bzcat.exe|5bd95ec17b3dd431\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000003628Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bzcat.exe|5bd95ec17b3dd431\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003627Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bzcat.exe|5bd95ec17b3dd431\LowerCaseLongPathc:\program files\git\usr\bin\bzcat.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003626Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.106{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bzcat.exe|22efe6404fe377ef\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003625Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.106{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bzcat.exe|22efe6404fe377ef\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000003624Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.106{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bzcat.exe|22efe6404fe377ef\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003623Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.106{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bzcat.exe|22efe6404fe377ef\LowerCaseLongPathc:\program files\git\mingw64\bin\bzcat.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003622Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.106{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bunzip2.exe|e3db3453bc608648\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003621Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.106{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bunzip2.exe|e3db3453bc608648\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000003620Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.106{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bunzip2.exe|e3db3453bc608648\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003619Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.106{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bunzip2.exe|e3db3453bc608648\LowerCaseLongPathc:\program files\git\mingw64\bin\bunzip2.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003618Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.106{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bunzip2.exe|9ac74d590cb04f1a\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003617Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.106{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bunzip2.exe|9ac74d590cb04f1a\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000003616Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.106{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bunzip2.exe|9ac74d590cb04f1a\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003615Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.106{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bunzip2.exe|9ac74d590cb04f1a\LowerCaseLongPathc:\program files\git\usr\bin\bunzip2.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003614Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.090{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\brotli.exe|31204f639af895eb\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003613Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.090{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\brotli.exe|31204f639af895eb\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000003612Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.090{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\brotli.exe|31204f639af895eb\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003611Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.090{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\brotli.exe|31204f639af895eb\LowerCaseLongPathc:\program files\git\mingw64\bin\brotli.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003610Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.043{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\blocked-file-uti|26a5d90fb1352887\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003609Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.043{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\blocked-file-uti|26a5d90fb1352887\LinkDate05/01/2023 20:06:59NT AUTHORITY\SYSTEM 13241300x80000000000000003608Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.043{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\blocked-file-uti|26a5d90fb1352887\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003607Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.043{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\blocked-file-uti|26a5d90fb1352887\LowerCaseLongPathc:\program files\git\mingw64\bin\blocked-file-util.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003606Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.043{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bash.exe|82493e8a87323f44\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000003605Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.043{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bash.exe|82493e8a87323f44\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000003604Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.043{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bash.exe|82493e8a87323f44\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000003603Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.043{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bash.exe|82493e8a87323f44\LowerCaseLongPathc:\program files\git\bin\bash.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003602Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.043{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bash.exe|5f326cb536e85740\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003601Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.043{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bash.exe|5f326cb536e85740\LinkDate02/08/2023 12:35:15NT AUTHORITY\SYSTEM 13241300x80000000000000003600Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.043{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bash.exe|5f326cb536e85740\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003599Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.043{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\bash.exe|5f326cb536e85740\LowerCaseLongPathc:\program files\git\usr\bin\bash.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003598Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.012{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\basenc.exe|441974f40d711257\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003597Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.012{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\basenc.exe|441974f40d711257\LinkDate11/15/2022 17:18:40NT AUTHORITY\SYSTEM 13241300x80000000000000003596Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.012{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\basenc.exe|441974f40d711257\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003595Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.012{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\basenc.exe|441974f40d711257\LowerCaseLongPathc:\program files\git\usr\bin\basenc.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003594Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.012{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\basename.exe|47ada093d5bb600a\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003593Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.012{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\basename.exe|47ada093d5bb600a\LinkDate11/15/2022 17:18:40NT AUTHORITY\SYSTEM 13241300x80000000000000003592Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.012{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\basename.exe|47ada093d5bb600a\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003591Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.012{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\basename.exe|47ada093d5bb600a\LowerCaseLongPathc:\program files\git\usr\bin\basename.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003590Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.012{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\base64.exe|962b95c6244d4b06\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003589Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.012{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\base64.exe|962b95c6244d4b06\LinkDate11/15/2022 17:18:40NT AUTHORITY\SYSTEM 13241300x80000000000000003588Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.012{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\base64.exe|962b95c6244d4b06\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003587Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:25.997{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\base64.exe|962b95c6244d4b06\LowerCaseLongPathc:\program files\git\usr\bin\base64.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003586Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:25.997{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\base32.exe|a314ab833a8613c9\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003585Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:25.997{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\base32.exe|a314ab833a8613c9\LinkDate11/15/2022 17:18:40NT AUTHORITY\SYSTEM 13241300x80000000000000003584Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:25.997{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\base32.exe|a314ab833a8613c9\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003583Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:25.997{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\base32.exe|a314ab833a8613c9\LowerCaseLongPathc:\program files\git\usr\bin\base32.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003582Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:25.997{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\b2sum.exe|29b37ad7ebd1394a\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003581Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:25.997{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\b2sum.exe|29b37ad7ebd1394a\LinkDate11/15/2022 17:18:39NT AUTHORITY\SYSTEM 13241300x80000000000000003580Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:25.997{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\b2sum.exe|29b37ad7ebd1394a\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003579Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:25.997{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\b2sum.exe|29b37ad7ebd1394a\LowerCaseLongPathc:\program files\git\usr\bin\b2sum.exeNT AUTHORITY\SYSTEM 13241300x80000000000000003578Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:25.997{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\awk.exe|283395e55c831d1d\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003577Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:25.997{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\awk.exe|283395e55c831d1d\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000003576Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:25.997{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\awk.exe|283395e55c831d1d\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000003575Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:25.997{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\awk.exe|283395e55c831d1d\LowerCaseLongPathc:\program files\git\usr\bin\awk.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004679Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\split.exe|6b78af18101c82a4\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004678Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\split.exe|6b78af18101c82a4\LinkDate11/15/2022 17:19:01NT AUTHORITY\SYSTEM 13241300x80000000000000004677Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\split.exe|6b78af18101c82a4\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004676Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\split.exe|6b78af18101c82a4\LowerCaseLongPathc:\program files\git\usr\bin\split.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004675Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sort.exe|5a1eaeebcdfdfa5b\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004674Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sort.exe|5a1eaeebcdfdfa5b\LinkDate11/15/2022 17:19:01NT AUTHORITY\SYSTEM 13241300x80000000000000004673Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sort.exe|5a1eaeebcdfdfa5b\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004672Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sort.exe|5a1eaeebcdfdfa5b\LowerCaseLongPathc:\program files\git\usr\bin\sort.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004671Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sleep.exe|1e8f62417166ba32\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004670Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sleep.exe|1e8f62417166ba32\LinkDate11/15/2022 17:19:01NT AUTHORITY\SYSTEM 13241300x80000000000000004669Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sleep.exe|1e8f62417166ba32\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004668Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sleep.exe|1e8f62417166ba32\LowerCaseLongPathc:\program files\git\usr\bin\sleep.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004667Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\shuf.exe|cfb51deed9f02428\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004666Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\shuf.exe|cfb51deed9f02428\LinkDate11/15/2022 17:19:01NT AUTHORITY\SYSTEM 13241300x80000000000000004665Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\shuf.exe|cfb51deed9f02428\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004664Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\shuf.exe|cfb51deed9f02428\LowerCaseLongPathc:\program files\git\usr\bin\shuf.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004663Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\shred.exe|43071571d2a31944\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004662Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\shred.exe|43071571d2a31944\LinkDate11/15/2022 17:19:00NT AUTHORITY\SYSTEM 13241300x80000000000000004661Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\shred.exe|43071571d2a31944\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004660Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\shred.exe|43071571d2a31944\LowerCaseLongPathc:\program files\git\usr\bin\shred.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004659Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sha512sum.exe|f96cb84497fcdcc3\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004658Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sha512sum.exe|f96cb84497fcdcc3\LinkDate11/15/2022 17:19:00NT AUTHORITY\SYSTEM 13241300x80000000000000004657Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sha512sum.exe|f96cb84497fcdcc3\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004656Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.981{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sha512sum.exe|f96cb84497fcdcc3\LowerCaseLongPathc:\program files\git\usr\bin\sha512sum.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004655Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.966{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sha384sum.exe|ea7c3d331520b41a\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004654Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.966{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sha384sum.exe|ea7c3d331520b41a\LinkDate11/15/2022 17:19:00NT AUTHORITY\SYSTEM 13241300x80000000000000004653Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.966{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sha384sum.exe|ea7c3d331520b41a\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004652Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.966{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sha384sum.exe|ea7c3d331520b41a\LowerCaseLongPathc:\program files\git\usr\bin\sha384sum.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004651Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.966{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sha256sum.exe|d1427df5ba9eb839\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004650Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.966{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sha256sum.exe|d1427df5ba9eb839\LinkDate11/15/2022 17:19:00NT AUTHORITY\SYSTEM 13241300x80000000000000004649Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.966{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sha256sum.exe|d1427df5ba9eb839\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004648Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.966{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sha256sum.exe|d1427df5ba9eb839\LowerCaseLongPathc:\program files\git\usr\bin\sha256sum.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004647Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.966{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sha224sum.exe|fc63c300ff87f33f\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004646Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.966{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sha224sum.exe|fc63c300ff87f33f\LinkDate11/15/2022 17:18:59NT AUTHORITY\SYSTEM 13241300x80000000000000004645Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.966{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sha224sum.exe|fc63c300ff87f33f\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004644Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.966{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sha224sum.exe|fc63c300ff87f33f\LowerCaseLongPathc:\program files\git\usr\bin\sha224sum.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004643Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.966{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sha1sum.exe|f6d44c369684cd7e\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004642Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.966{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sha1sum.exe|f6d44c369684cd7e\LinkDate11/15/2022 17:18:59NT AUTHORITY\SYSTEM 13241300x80000000000000004641Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.966{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sha1sum.exe|f6d44c369684cd7e\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004640Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.966{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sha1sum.exe|f6d44c369684cd7e\LowerCaseLongPathc:\program files\git\usr\bin\sha1sum.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004639Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.950{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sh.exe|464d78a7aeef6674\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000004638Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.950{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sh.exe|464d78a7aeef6674\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000004637Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.950{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sh.exe|464d78a7aeef6674\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000004636Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.950{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sh.exe|464d78a7aeef6674\LowerCaseLongPathc:\program files\git\bin\sh.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004635Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.950{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sh.exe|1bb90a29aab21f25\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004634Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.950{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sh.exe|1bb90a29aab21f25\LinkDate02/08/2023 12:35:15NT AUTHORITY\SYSTEM 13241300x80000000000000004633Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.950{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sh.exe|1bb90a29aab21f25\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004632Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.950{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sh.exe|1bb90a29aab21f25\LowerCaseLongPathc:\program files\git\usr\bin\sh.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004631Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.888{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sftp.exe|e3eb45112610e0ab\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004630Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.888{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sftp.exe|e3eb45112610e0ab\LinkDate03/16/2023 10:45:40NT AUTHORITY\SYSTEM 13241300x80000000000000004629Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.888{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sftp.exe|e3eb45112610e0ab\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004628Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.888{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sftp.exe|e3eb45112610e0ab\LowerCaseLongPathc:\program files\git\usr\bin\sftp.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004627Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.888{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sftp-server.exe|88c04bc0a95e22d3\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004626Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.888{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sftp-server.exe|88c04bc0a95e22d3\LinkDate03/16/2023 10:45:42NT AUTHORITY\SYSTEM 13241300x80000000000000004625Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.888{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sftp-server.exe|88c04bc0a95e22d3\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004624Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.888{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sftp-server.exe|88c04bc0a95e22d3\LowerCaseLongPathc:\program files\git\usr\lib\ssh\sftp-server.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004623Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sexp-conv.exe|ff49bfd2063ca556\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004622Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sexp-conv.exe|ff49bfd2063ca556\LinkDate05/17/2023 18:06:42NT AUTHORITY\SYSTEM 13241300x80000000000000004621Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sexp-conv.exe|ff49bfd2063ca556\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004620Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sexp-conv.exe|ff49bfd2063ca556\LowerCaseLongPathc:\program files\git\mingw64\bin\sexp-conv.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004619Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sexp-conv.exe|8bde837678ce07ac\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004618Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sexp-conv.exe|8bde837678ce07ac\LinkDate05/18/2023 12:11:16NT AUTHORITY\SYSTEM 13241300x80000000000000004617Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sexp-conv.exe|8bde837678ce07ac\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004616Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sexp-conv.exe|8bde837678ce07ac\LowerCaseLongPathc:\program files\git\usr\bin\sexp-conv.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004615Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\setmetamode.exe|2c2c0eb5bddaec82\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004614Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\setmetamode.exe|2c2c0eb5bddaec82\LinkDate05/18/2023 20:44:26NT AUTHORITY\SYSTEM 13241300x80000000000000004613Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\setmetamode.exe|2c2c0eb5bddaec82\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004612Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\setmetamode.exe|2c2c0eb5bddaec82\LowerCaseLongPathc:\program files\git\usr\bin\setmetamode.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004611Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\setfacl.exe|3de57f6a3e2d7242\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004610Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\setfacl.exe|3de57f6a3e2d7242\LinkDate05/18/2023 20:44:26NT AUTHORITY\SYSTEM 13241300x80000000000000004609Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\setfacl.exe|3de57f6a3e2d7242\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004608Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\setfacl.exe|3de57f6a3e2d7242\LowerCaseLongPathc:\program files\git\usr\bin\setfacl.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004607Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\seq.exe|1f2e494e389bf41a\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004606Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\seq.exe|1f2e494e389bf41a\LinkDate11/15/2022 17:18:59NT AUTHORITY\SYSTEM 13241300x80000000000000004605Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\seq.exe|1f2e494e389bf41a\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004604Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\seq.exe|1f2e494e389bf41a\LowerCaseLongPathc:\program files\git\usr\bin\seq.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004603Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sed.exe|cef6dc9db4fd3f4e\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004602Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sed.exe|cef6dc9db4fd3f4e\LinkDate11/19/2022 12:49:27NT AUTHORITY\SYSTEM 13241300x80000000000000004601Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sed.exe|cef6dc9db4fd3f4e\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004600Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sed.exe|cef6dc9db4fd3f4e\LowerCaseLongPathc:\program files\git\usr\bin\sed.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004599Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.825{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sdiff.exe|4d47b8c2d2524c04\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004598Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.825{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sdiff.exe|4d47b8c2d2524c04\LinkDate03/12/2023 10:58:00NT AUTHORITY\SYSTEM 13241300x80000000000000004597Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.825{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sdiff.exe|4d47b8c2d2524c04\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004596Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.825{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sdiff.exe|4d47b8c2d2524c04\LowerCaseLongPathc:\program files\git\usr\bin\sdiff.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004595Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.825{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\scp.exe|7ba9f24b1c00395a\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004594Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.825{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\scp.exe|7ba9f24b1c00395a\LinkDate03/16/2023 10:45:39NT AUTHORITY\SYSTEM 13241300x80000000000000004593Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.825{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\scp.exe|7ba9f24b1c00395a\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004592Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.825{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\scp.exe|7ba9f24b1c00395a\LowerCaseLongPathc:\program files\git\usr\bin\scp.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004591Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.825{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\scdaemon.exe|53479827260a265e\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004590Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.825{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\scdaemon.exe|53479827260a265e\LinkDate05/02/2023 09:09:40NT AUTHORITY\SYSTEM 13241300x80000000000000004589Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.825{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\scdaemon.exe|53479827260a265e\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004588Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.825{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\scdaemon.exe|53479827260a265e\LowerCaseLongPathc:\program files\git\usr\lib\gnupg\scdaemon.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004587Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.809{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rvim.exe|58eacdb700b2ffd3\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004586Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.809{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rvim.exe|58eacdb700b2ffd3\LinkDate03/13/2023 19:58:41NT AUTHORITY\SYSTEM 13241300x80000000000000004585Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.809{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rvim.exe|58eacdb700b2ffd3\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004584Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.809{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rvim.exe|58eacdb700b2ffd3\LowerCaseLongPathc:\program files\git\usr\bin\rvim.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004583Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.794{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rview.exe|1b8d8c7426c49f6d\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004582Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.794{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rview.exe|1b8d8c7426c49f6d\LinkDate03/13/2023 19:58:40NT AUTHORITY\SYSTEM 13241300x80000000000000004581Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.794{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rview.exe|1b8d8c7426c49f6d\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004580Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.794{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rview.exe|1b8d8c7426c49f6d\LowerCaseLongPathc:\program files\git\usr\bin\rview.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004579Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.731{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\runcon.exe|9d9d38ca848c2576\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004578Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.731{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\runcon.exe|9d9d38ca848c2576\LinkDate11/15/2022 17:18:59NT AUTHORITY\SYSTEM 13241300x80000000000000004577Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.731{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\runcon.exe|9d9d38ca848c2576\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004576Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.731{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\runcon.exe|9d9d38ca848c2576\LowerCaseLongPathc:\program files\git\usr\bin\runcon.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004575Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.716{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rnano.exe|59695cb2874e092d\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004574Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.716{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rnano.exe|59695cb2874e092d\LinkDate01/20/2023 09:25:45NT AUTHORITY\SYSTEM 13241300x80000000000000004573Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.716{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rnano.exe|59695cb2874e092d\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004572Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.716{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rnano.exe|59695cb2874e092d\LowerCaseLongPathc:\program files\git\usr\bin\rnano.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004571Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.716{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rmt.exe|dda7820342efab83\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004570Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.716{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rmt.exe|dda7820342efab83\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004569Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.716{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rmt.exe|dda7820342efab83\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004568Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.716{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rmt.exe|dda7820342efab83\LowerCaseLongPathc:\program files\git\usr\lib\tar\rmt.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004567Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.716{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rmdir.exe|1053bde30940b254\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004566Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.716{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rmdir.exe|1053bde30940b254\LinkDate11/15/2022 17:18:58NT AUTHORITY\SYSTEM 13241300x80000000000000004565Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.716{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rmdir.exe|1053bde30940b254\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004564Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.716{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rmdir.exe|1053bde30940b254\LowerCaseLongPathc:\program files\git\usr\bin\rmdir.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004563Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.716{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rm.exe|1eee459e666dde29\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004562Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.716{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rm.exe|1eee459e666dde29\LinkDate11/15/2022 17:18:58NT AUTHORITY\SYSTEM 13241300x80000000000000004561Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.716{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rm.exe|1eee459e666dde29\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004560Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.716{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rm.exe|1eee459e666dde29\LowerCaseLongPathc:\program files\git\usr\bin\rm.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004559Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.700{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\reset.exe|bb8c4a8b474d3d85\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004558Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.700{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\reset.exe|bb8c4a8b474d3d85\LinkDate01/29/2023 10:00:16NT AUTHORITY\SYSTEM 13241300x80000000000000004557Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.700{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\reset.exe|bb8c4a8b474d3d85\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004556Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.700{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\reset.exe|bb8c4a8b474d3d85\LowerCaseLongPathc:\program files\git\usr\bin\reset.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004555Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.700{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\regtool.exe|2c34de713dfed575\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004554Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.700{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\regtool.exe|2c34de713dfed575\LinkDate05/18/2023 20:44:26NT AUTHORITY\SYSTEM 13241300x80000000000000004553Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.700{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\regtool.exe|2c34de713dfed575\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004552Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.700{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\regtool.exe|2c34de713dfed575\LowerCaseLongPathc:\program files\git\usr\bin\regtool.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004551Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.700{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\recode-sr-latin.|fef01b1a870bf6ba\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004550Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.700{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\recode-sr-latin.|fef01b1a870bf6ba\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004549Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.700{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\recode-sr-latin.|fef01b1a870bf6ba\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004548Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.700{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\recode-sr-latin.|fef01b1a870bf6ba\LowerCaseLongPathc:\program files\git\usr\bin\recode-sr-latin.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004547Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.700{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rebase.exe|227817bf057aff56\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004546Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.700{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rebase.exe|227817bf057aff56\LinkDate04/17/2023 20:18:59NT AUTHORITY\SYSTEM 13241300x80000000000000004545Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.700{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rebase.exe|227817bf057aff56\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004544Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.700{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\rebase.exe|227817bf057aff56\LowerCaseLongPathc:\program files\git\usr\bin\rebase.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004543Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.684{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\realpath.exe|c0afeb0f661fb0d7\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004542Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.684{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\realpath.exe|c0afeb0f661fb0d7\LinkDate11/15/2022 17:18:58NT AUTHORITY\SYSTEM 13241300x80000000000000004541Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.684{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\realpath.exe|c0afeb0f661fb0d7\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004540Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.684{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\realpath.exe|c0afeb0f661fb0d7\LowerCaseLongPathc:\program files\git\usr\bin\realpath.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004539Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.684{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\readlink.exe|95adf512ea71f082\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004538Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.684{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\readlink.exe|95adf512ea71f082\LinkDate11/15/2022 17:18:57NT AUTHORITY\SYSTEM 13241300x80000000000000004537Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.684{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\readlink.exe|95adf512ea71f082\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004536Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.684{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\readlink.exe|95adf512ea71f082\LowerCaseLongPathc:\program files\git\usr\bin\readlink.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004535Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.684{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pwd.exe|d284abac49ab21f2\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004534Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.684{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pwd.exe|d284abac49ab21f2\LinkDate11/15/2022 17:18:57NT AUTHORITY\SYSTEM 13241300x80000000000000004533Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.684{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pwd.exe|d284abac49ab21f2\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004532Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.684{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pwd.exe|d284abac49ab21f2\LowerCaseLongPathc:\program files\git\usr\bin\pwd.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004531Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.684{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pwcat.exe|8b9017bb0d797817\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004530Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.684{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pwcat.exe|8b9017bb0d797817\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004529Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.684{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pwcat.exe|8b9017bb0d797817\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004528Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.684{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pwcat.exe|8b9017bb0d797817\LowerCaseLongPathc:\program files\git\usr\lib\awk\pwcat.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004527Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.684{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ptx.exe|e8f065049d3c881d\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004526Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.684{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ptx.exe|e8f065049d3c881d\LinkDate11/15/2022 17:18:57NT AUTHORITY\SYSTEM 13241300x80000000000000004525Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.684{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ptx.exe|e8f065049d3c881d\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004524Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.684{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ptx.exe|e8f065049d3c881d\LowerCaseLongPathc:\program files\git\usr\bin\ptx.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004523Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\psl.exe|c168c852dc0b9a95\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004522Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\psl.exe|c168c852dc0b9a95\LinkDate01/01/2023 14:29:04NT AUTHORITY\SYSTEM 13241300x80000000000000004521Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\psl.exe|c168c852dc0b9a95\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004520Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\psl.exe|c168c852dc0b9a95\LowerCaseLongPathc:\program files\git\usr\bin\psl.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004519Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\psl.exe|b454686dc77a9755\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004518Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\psl.exe|b454686dc77a9755\LinkDate02/06/2023 08:11:41NT AUTHORITY\SYSTEM 13241300x80000000000000004517Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\psl.exe|b454686dc77a9755\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004516Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\psl.exe|b454686dc77a9755\LowerCaseLongPathc:\program files\git\mingw64\bin\psl.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004515Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ps.exe|c0f5c870a00cafd8\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004514Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ps.exe|c0f5c870a00cafd8\LinkDate05/18/2023 20:44:25NT AUTHORITY\SYSTEM 13241300x80000000000000004513Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ps.exe|c0f5c870a00cafd8\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004512Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ps.exe|c0f5c870a00cafd8\LowerCaseLongPathc:\program files\git\usr\bin\ps.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004511Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\proxy-lookup.exe|1b18ebec8d870bc5\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004510Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\proxy-lookup.exe|1b18ebec8d870bc5\LinkDate05/01/2023 20:06:59NT AUTHORITY\SYSTEM 13241300x80000000000000004509Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\proxy-lookup.exe|1b18ebec8d870bc5\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004508Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\proxy-lookup.exe|1b18ebec8d870bc5\LowerCaseLongPathc:\program files\git\mingw64\bin\proxy-lookup.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004507Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\profiler.exe|375a9b384421d7c1\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004506Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\profiler.exe|375a9b384421d7c1\LinkDate05/18/2023 20:44:26NT AUTHORITY\SYSTEM 13241300x80000000000000004505Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\profiler.exe|375a9b384421d7c1\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004504Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\profiler.exe|375a9b384421d7c1\LowerCaseLongPathc:\program files\git\usr\bin\profiler.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004503Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\printf.exe|89ffa032389ba988\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004502Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\printf.exe|89ffa032389ba988\LinkDate11/15/2022 17:18:57NT AUTHORITY\SYSTEM 13241300x80000000000000004501Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\printf.exe|89ffa032389ba988\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004500Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.669{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\printf.exe|89ffa032389ba988\LowerCaseLongPathc:\program files\git\usr\bin\printf.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004499Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\printenv.exe|f3bb2a19296ad0a0\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004498Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\printenv.exe|f3bb2a19296ad0a0\LinkDate11/15/2022 17:18:56NT AUTHORITY\SYSTEM 13241300x80000000000000004497Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\printenv.exe|f3bb2a19296ad0a0\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004496Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\printenv.exe|f3bb2a19296ad0a0\LowerCaseLongPathc:\program files\git\usr\bin\printenv.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004495Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pr.exe|4e05d5efd64cfc18\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004494Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pr.exe|4e05d5efd64cfc18\LinkDate11/15/2022 17:18:56NT AUTHORITY\SYSTEM 13241300x80000000000000004493Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pr.exe|4e05d5efd64cfc18\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004492Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pr.exe|4e05d5efd64cfc18\LowerCaseLongPathc:\program files\git\usr\bin\pr.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004491Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pluginviewer.exe|f40dc68beb42a176\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004490Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pluginviewer.exe|f40dc68beb42a176\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004489Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pluginviewer.exe|f40dc68beb42a176\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004488Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pluginviewer.exe|f40dc68beb42a176\LowerCaseLongPathc:\program files\git\usr\bin\pluginviewer.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004487Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pldd.exe|2d0b12ded17c614c\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004486Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pldd.exe|2d0b12ded17c614c\LinkDate05/18/2023 20:44:26NT AUTHORITY\SYSTEM 13241300x80000000000000004485Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pldd.exe|2d0b12ded17c614c\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004484Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pldd.exe|2d0b12ded17c614c\LowerCaseLongPathc:\program files\git\usr\bin\pldd.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004483Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pkcs1-conv.exe|8fa2ffc9f6076c8c\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004482Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pkcs1-conv.exe|8fa2ffc9f6076c8c\LinkDate05/17/2023 18:06:42NT AUTHORITY\SYSTEM 13241300x80000000000000004481Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pkcs1-conv.exe|8fa2ffc9f6076c8c\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004480Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pkcs1-conv.exe|8fa2ffc9f6076c8c\LowerCaseLongPathc:\program files\git\mingw64\bin\pkcs1-conv.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004479Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pkcs1-conv.exe|5cc5d2e050d9b487\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004478Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pkcs1-conv.exe|5cc5d2e050d9b487\LinkDate05/18/2023 12:11:16NT AUTHORITY\SYSTEM 13241300x80000000000000004477Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pkcs1-conv.exe|5cc5d2e050d9b487\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004476Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pkcs1-conv.exe|5cc5d2e050d9b487\LowerCaseLongPathc:\program files\git\usr\bin\pkcs1-conv.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004475Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pinky.exe|852da7421d64c177\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004474Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pinky.exe|852da7421d64c177\LinkDate11/15/2022 17:18:56NT AUTHORITY\SYSTEM 13241300x80000000000000004473Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pinky.exe|852da7421d64c177\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004472Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.653{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pinky.exe|852da7421d64c177\LowerCaseLongPathc:\program files\git\usr\bin\pinky.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004471Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pinentry.exe|5a096695f03f1450\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004470Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pinentry.exe|5a096695f03f1450\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004469Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pinentry.exe|5a096695f03f1450\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004468Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pinentry.exe|5a096695f03f1450\LowerCaseLongPathc:\program files\git\usr\bin\pinentry.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004467Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pinentry-w32.exe|24e0f01a1d2b39e8\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004466Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pinentry-w32.exe|24e0f01a1d2b39e8\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004465Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pinentry-w32.exe|24e0f01a1d2b39e8\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004464Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pinentry-w32.exe|24e0f01a1d2b39e8\LowerCaseLongPathc:\program files\git\usr\bin\pinentry-w32.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004463Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\perl5.36.1.exe|b36e42db3d6ae6cc\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004462Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\perl5.36.1.exe|b36e42db3d6ae6cc\LinkDate04/24/2023 09:04:20NT AUTHORITY\SYSTEM 13241300x80000000000000004461Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\perl5.36.1.exe|b36e42db3d6ae6cc\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004460Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\perl5.36.1.exe|b36e42db3d6ae6cc\LowerCaseLongPathc:\program files\git\usr\bin\perl5.36.1.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004459Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\perl.exe|196d1afec7915eef\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004458Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\perl.exe|196d1afec7915eef\LinkDate04/24/2023 09:04:20NT AUTHORITY\SYSTEM 13241300x80000000000000004457Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\perl.exe|196d1afec7915eef\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004456Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\perl.exe|196d1afec7915eef\LowerCaseLongPathc:\program files\git\usr\bin\perl.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004455Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pdftotext.exe|69d0d84ca547f7ea\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004454Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pdftotext.exe|69d0d84ca547f7ea\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004453Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pdftotext.exe|69d0d84ca547f7ea\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004452Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.637{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pdftotext.exe|69d0d84ca547f7ea\LowerCaseLongPathc:\program files\git\mingw64\bin\pdftotext.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004451Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pathchk.exe|815a4f847b55a65e\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004450Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pathchk.exe|815a4f847b55a65e\LinkDate11/15/2022 17:18:56NT AUTHORITY\SYSTEM 13241300x80000000000000004449Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pathchk.exe|815a4f847b55a65e\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004448Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pathchk.exe|815a4f847b55a65e\LowerCaseLongPathc:\program files\git\usr\bin\pathchk.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004447Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\patch.exe|ec282c9a0120237a\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004446Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\patch.exe|ec282c9a0120237a\LinkDate11/14/2022 21:26:13NT AUTHORITY\SYSTEM 13241300x80000000000000004445Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\patch.exe|ec282c9a0120237a\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004444Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\patch.exe|ec282c9a0120237a\LowerCaseLongPathc:\program files\git\usr\bin\patch.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004443Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.591{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\paste.exe|4b6449e13df12ac2\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004442Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.591{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\paste.exe|4b6449e13df12ac2\LinkDate11/15/2022 17:18:55NT AUTHORITY\SYSTEM 13241300x80000000000000004441Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.591{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\paste.exe|4b6449e13df12ac2\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004440Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.591{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\paste.exe|4b6449e13df12ac2\LowerCaseLongPathc:\program files\git\usr\bin\paste.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004439Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\passwd.exe|3074fd45afd21d5a\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004438Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\passwd.exe|3074fd45afd21d5a\LinkDate05/18/2023 20:44:26NT AUTHORITY\SYSTEM 13241300x80000000000000004437Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\passwd.exe|3074fd45afd21d5a\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004436Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\passwd.exe|3074fd45afd21d5a\LowerCaseLongPathc:\program files\git\usr\bin\passwd.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004435Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\p11-kit.exe|8bade04a6e35b25c\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004434Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\p11-kit.exe|8bade04a6e35b25c\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004433Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\p11-kit.exe|8bade04a6e35b25c\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004432Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\p11-kit.exe|8bade04a6e35b25c\LowerCaseLongPathc:\program files\git\usr\bin\p11-kit.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004431Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\p11-kit.exe|3b750087bc81dbf1\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004430Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\p11-kit.exe|3b750087bc81dbf1\LinkDate03/12/2023 09:20:43NT AUTHORITY\SYSTEM 13241300x80000000000000004429Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\p11-kit.exe|3b750087bc81dbf1\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004428Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\p11-kit.exe|3b750087bc81dbf1\LowerCaseLongPathc:\program files\git\mingw64\bin\p11-kit.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004427Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\p11-kit-server.e|8dad05e39eda3bda\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004426Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\p11-kit-server.e|8dad05e39eda3bda\LinkDate03/12/2023 09:20:43NT AUTHORITY\SYSTEM 13241300x80000000000000004425Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\p11-kit-server.e|8dad05e39eda3bda\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004424Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\p11-kit-server.e|8dad05e39eda3bda\LowerCaseLongPathc:\program files\git\mingw64\libexec\p11-kit\p11-kit-server.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004423Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\p11-kit-server.e|2949625778c73062\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004422Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\p11-kit-server.e|2949625778c73062\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004421Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\p11-kit-server.e|2949625778c73062\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004420Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\p11-kit-server.e|2949625778c73062\LowerCaseLongPathc:\program files\git\usr\libexec\p11-kit\p11-kit-server.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004419Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\p11-kit-remote.e|51a36587ed162938\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004418Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\p11-kit-remote.e|51a36587ed162938\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004417Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.575{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\p11-kit-remote.e|51a36587ed162938\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004416Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.559{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\p11-kit-remote.e|51a36587ed162938\LowerCaseLongPathc:\program files\git\usr\libexec\p11-kit\p11-kit-remote.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004415Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.559{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\p11-kit-remote.e|368a54e725b4b107\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004414Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.559{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\p11-kit-remote.e|368a54e725b4b107\LinkDate03/12/2023 09:20:43NT AUTHORITY\SYSTEM 13241300x80000000000000004413Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.559{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\p11-kit-remote.e|368a54e725b4b107\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004412Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.559{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\p11-kit-remote.e|368a54e725b4b107\LowerCaseLongPathc:\program files\git\mingw64\libexec\p11-kit\p11-kit-remote.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004411Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.559{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\openssl.exe|f1700e8a34a30f68\BinProductVersion1.1.1.21NT AUTHORITY\SYSTEM 13241300x80000000000000004410Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.559{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\openssl.exe|f1700e8a34a30f68\LinkDate05/30/2023 20:04:48NT AUTHORITY\SYSTEM 13241300x80000000000000004409Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.559{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\openssl.exe|f1700e8a34a30f68\Publisherthe openssl project, https://www.openssl.org/NT AUTHORITY\SYSTEM 13241300x80000000000000004408Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.559{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\openssl.exe|f1700e8a34a30f68\LowerCaseLongPathc:\program files\git\mingw64\bin\openssl.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004407Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\openssl.exe|171f6196cf43df96\BinProductVersion1.1.1.21NT AUTHORITY\SYSTEM 13241300x80000000000000004406Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\openssl.exe|171f6196cf43df96\LinkDate05/30/2023 20:24:32NT AUTHORITY\SYSTEM 13241300x80000000000000004405Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\openssl.exe|171f6196cf43df96\Publisherthe openssl project, https://www.openssl.org/NT AUTHORITY\SYSTEM 13241300x80000000000000004404Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\openssl.exe|171f6196cf43df96\LowerCaseLongPathc:\program files\git\usr\bin\openssl.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004403Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\odt2txt.exe|6473e7d965a98c3a\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004402Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\odt2txt.exe|6473e7d965a98c3a\LinkDate10/29/2022 11:38:06NT AUTHORITY\SYSTEM 13241300x80000000000000004401Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\odt2txt.exe|6473e7d965a98c3a\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004400Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\odt2txt.exe|6473e7d965a98c3a\LowerCaseLongPathc:\program files\git\mingw64\bin\odt2txt.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004399Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\od.exe|4327ce9d2e91b98c\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004398Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\od.exe|4327ce9d2e91b98c\LinkDate11/15/2022 17:18:55NT AUTHORITY\SYSTEM 13241300x80000000000000004397Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\od.exe|4327ce9d2e91b98c\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004396Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\od.exe|4327ce9d2e91b98c\LowerCaseLongPathc:\program files\git\usr\bin\od.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004395Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\numfmt.exe|8ee1d73a41ab2c69\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004394Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\numfmt.exe|8ee1d73a41ab2c69\LinkDate11/15/2022 17:18:55NT AUTHORITY\SYSTEM 13241300x80000000000000004393Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\numfmt.exe|8ee1d73a41ab2c69\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004392Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\numfmt.exe|8ee1d73a41ab2c69\LowerCaseLongPathc:\program files\git\usr\bin\numfmt.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004391Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nproc.exe|4b998916d3f3a9c7\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004390Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nproc.exe|4b998916d3f3a9c7\LinkDate11/15/2022 17:18:54NT AUTHORITY\SYSTEM 13241300x80000000000000004389Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nproc.exe|4b998916d3f3a9c7\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004388Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nproc.exe|4b998916d3f3a9c7\LowerCaseLongPathc:\program files\git\usr\bin\nproc.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004387Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nohup.exe|b6d740d02d8e649a\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004386Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nohup.exe|b6d740d02d8e649a\LinkDate11/15/2022 17:18:54NT AUTHORITY\SYSTEM 13241300x80000000000000004385Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nohup.exe|b6d740d02d8e649a\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004384Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nohup.exe|b6d740d02d8e649a\LowerCaseLongPathc:\program files\git\usr\bin\nohup.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004383Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nl.exe|a11f2aa66e5f8174\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004382Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nl.exe|a11f2aa66e5f8174\LinkDate11/15/2022 17:18:54NT AUTHORITY\SYSTEM 13241300x80000000000000004381Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nl.exe|a11f2aa66e5f8174\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004380Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nl.exe|a11f2aa66e5f8174\LowerCaseLongPathc:\program files\git\usr\bin\nl.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004379Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nice.exe|d195556bd0ad811f\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004378Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nice.exe|d195556bd0ad811f\LinkDate11/15/2022 17:18:53NT AUTHORITY\SYSTEM 13241300x80000000000000004377Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nice.exe|d195556bd0ad811f\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004376Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nice.exe|d195556bd0ad811f\LowerCaseLongPathc:\program files\git\usr\bin\nice.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004375Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ngettext.exe|b3b7f8b500cfd995\BinProductVersion0.21.0.0NT AUTHORITY\SYSTEM 13241300x80000000000000004374Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ngettext.exe|b3b7f8b500cfd995\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004373Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ngettext.exe|b3b7f8b500cfd995\Publisherfree software foundationNT AUTHORITY\SYSTEM 13241300x80000000000000004372Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ngettext.exe|b3b7f8b500cfd995\LowerCaseLongPathc:\program files\git\usr\bin\ngettext.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004371Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nettle-pbkdf2.ex|97ba977fde0c62d6\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004370Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nettle-pbkdf2.ex|97ba977fde0c62d6\LinkDate05/18/2023 12:11:16NT AUTHORITY\SYSTEM 13241300x80000000000000004369Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nettle-pbkdf2.ex|97ba977fde0c62d6\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004368Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nettle-pbkdf2.ex|97ba977fde0c62d6\LowerCaseLongPathc:\program files\git\usr\bin\nettle-pbkdf2.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004367Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nettle-lfib-stre|884dcfac9ef75867\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004366Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nettle-lfib-stre|884dcfac9ef75867\LinkDate05/18/2023 12:11:15NT AUTHORITY\SYSTEM 13241300x80000000000000004365Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nettle-lfib-stre|884dcfac9ef75867\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004364Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nettle-lfib-stre|884dcfac9ef75867\LowerCaseLongPathc:\program files\git\usr\bin\nettle-lfib-stream.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004363Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nettle-hash.exe|b53503615f207ffa\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004362Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nettle-hash.exe|b53503615f207ffa\LinkDate05/18/2023 12:11:15NT AUTHORITY\SYSTEM 13241300x80000000000000004361Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nettle-hash.exe|b53503615f207ffa\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004360Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nettle-hash.exe|b53503615f207ffa\LowerCaseLongPathc:\program files\git\usr\bin\nettle-hash.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004359Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nano.exe|b50a21634bf0fc7\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004358Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nano.exe|b50a21634bf0fc7\LinkDate01/20/2023 09:25:45NT AUTHORITY\SYSTEM 13241300x80000000000000004357Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nano.exe|b50a21634bf0fc7\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004356Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\nano.exe|b50a21634bf0fc7\LowerCaseLongPathc:\program files\git\usr\bin\nano.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004355Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mv.exe|929878a0fb05584e\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004354Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mv.exe|929878a0fb05584e\LinkDate11/15/2022 17:18:53NT AUTHORITY\SYSTEM 13241300x80000000000000004353Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mv.exe|929878a0fb05584e\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004352Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mv.exe|929878a0fb05584e\LowerCaseLongPathc:\program files\git\usr\bin\mv.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004351Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msguniq.exe|630e939fcdce570c\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004350Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msguniq.exe|630e939fcdce570c\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004349Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msguniq.exe|630e939fcdce570c\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004348Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msguniq.exe|630e939fcdce570c\LowerCaseLongPathc:\program files\git\usr\bin\msguniq.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004347Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgunfmt.exe|e224c743b2bfe999\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004346Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgunfmt.exe|e224c743b2bfe999\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004345Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgunfmt.exe|e224c743b2bfe999\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004344Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgunfmt.exe|e224c743b2bfe999\LowerCaseLongPathc:\program files\git\usr\bin\msgunfmt.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004343Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgmerge.exe|70a7277cc4533b58\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004342Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgmerge.exe|70a7277cc4533b58\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004341Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgmerge.exe|70a7277cc4533b58\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004340Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgmerge.exe|70a7277cc4533b58\LowerCaseLongPathc:\program files\git\usr\bin\msgmerge.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004339Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msginit.exe|5aa0cd7045e63438\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004338Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msginit.exe|5aa0cd7045e63438\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004337Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msginit.exe|5aa0cd7045e63438\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004336Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msginit.exe|5aa0cd7045e63438\LowerCaseLongPathc:\program files\git\usr\bin\msginit.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004335Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msggrep.exe|983cdb3b51d722e3\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004334Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msggrep.exe|983cdb3b51d722e3\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004333Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msggrep.exe|983cdb3b51d722e3\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004332Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msggrep.exe|983cdb3b51d722e3\LowerCaseLongPathc:\program files\git\usr\bin\msggrep.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004331Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgfmt.exe|b876ce85e126a312\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004330Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgfmt.exe|b876ce85e126a312\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004329Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgfmt.exe|b876ce85e126a312\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004328Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgfmt.exe|b876ce85e126a312\LowerCaseLongPathc:\program files\git\usr\bin\msgfmt.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004327Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgfilter.exe|aaac2b93f137f1ae\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004326Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgfilter.exe|aaac2b93f137f1ae\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004325Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgfilter.exe|aaac2b93f137f1ae\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004324Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgfilter.exe|aaac2b93f137f1ae\LowerCaseLongPathc:\program files\git\usr\bin\msgfilter.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004323Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgexec.exe|9c976ab4ff6e1c54\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004322Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgexec.exe|9c976ab4ff6e1c54\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004321Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgexec.exe|9c976ab4ff6e1c54\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004320Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgexec.exe|9c976ab4ff6e1c54\LowerCaseLongPathc:\program files\git\usr\bin\msgexec.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004319Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgen.exe|da6af5ac56e9716\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004318Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgen.exe|da6af5ac56e9716\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004317Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgen.exe|da6af5ac56e9716\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004316Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgen.exe|da6af5ac56e9716\LowerCaseLongPathc:\program files\git\usr\bin\msgen.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004315Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgconv.exe|be24512a01e4ec35\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004314Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgconv.exe|be24512a01e4ec35\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004313Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgconv.exe|be24512a01e4ec35\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004312Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgconv.exe|be24512a01e4ec35\LowerCaseLongPathc:\program files\git\usr\bin\msgconv.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004311Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgcomm.exe|6ef471fb1825a1cd\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004310Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgcomm.exe|6ef471fb1825a1cd\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004309Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgcomm.exe|6ef471fb1825a1cd\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004308Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgcomm.exe|6ef471fb1825a1cd\LowerCaseLongPathc:\program files\git\usr\bin\msgcomm.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004307Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgcmp.exe|7c2e229e6e1c68a8\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004306Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgcmp.exe|7c2e229e6e1c68a8\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004305Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgcmp.exe|7c2e229e6e1c68a8\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004304Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgcmp.exe|7c2e229e6e1c68a8\LowerCaseLongPathc:\program files\git\usr\bin\msgcmp.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004303Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgcat.exe|5596b37e57e3e044\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004302Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgcat.exe|5596b37e57e3e044\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004301Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgcat.exe|5596b37e57e3e044\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004300Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgcat.exe|5596b37e57e3e044\LowerCaseLongPathc:\program files\git\usr\bin\msgcat.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004299Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.434{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgattrib.exe|ef0e87f6c6fba86f\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004298Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.434{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgattrib.exe|ef0e87f6c6fba86f\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004297Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.434{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgattrib.exe|ef0e87f6c6fba86f\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004296Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.434{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\msgattrib.exe|ef0e87f6c6fba86f\LowerCaseLongPathc:\program files\git\usr\bin\msgattrib.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004295Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.434{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mpicalc.exe|f96ca699905a957b\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004294Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.434{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mpicalc.exe|f96ca699905a957b\LinkDate05/02/2023 06:40:38NT AUTHORITY\SYSTEM 13241300x80000000000000004293Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.434{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mpicalc.exe|f96ca699905a957b\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004292Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.434{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mpicalc.exe|f96ca699905a957b\LowerCaseLongPathc:\program files\git\usr\bin\mpicalc.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004291Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.434{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mount.exe|9be5c50fa3ad3871\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004290Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.434{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mount.exe|9be5c50fa3ad3871\LinkDate05/18/2023 20:44:26NT AUTHORITY\SYSTEM 13241300x80000000000000004289Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.434{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mount.exe|9be5c50fa3ad3871\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004288Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.434{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mount.exe|9be5c50fa3ad3871\LowerCaseLongPathc:\program files\git\usr\bin\mount.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004287Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mktemp.exe|f571057b3b322073\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004286Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mktemp.exe|f571057b3b322073\LinkDate11/15/2022 17:18:53NT AUTHORITY\SYSTEM 13241300x80000000000000004285Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mktemp.exe|f571057b3b322073\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004284Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mktemp.exe|f571057b3b322073\LowerCaseLongPathc:\program files\git\usr\bin\mktemp.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004283Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mkpasswd.exe|73ea587603f838db\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004282Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mkpasswd.exe|73ea587603f838db\LinkDate05/18/2023 20:44:26NT AUTHORITY\SYSTEM 13241300x80000000000000004281Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mkpasswd.exe|73ea587603f838db\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004280Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mkpasswd.exe|73ea587603f838db\LowerCaseLongPathc:\program files\git\usr\bin\mkpasswd.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004279Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mknod.exe|1c9cc79f3ba29852\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004278Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mknod.exe|1c9cc79f3ba29852\LinkDate11/15/2022 17:18:53NT AUTHORITY\SYSTEM 13241300x80000000000000004277Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mknod.exe|1c9cc79f3ba29852\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004276Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mknod.exe|1c9cc79f3ba29852\LowerCaseLongPathc:\program files\git\usr\bin\mknod.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004275Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mkgroup.exe|b0fed08db39d16e4\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004274Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mkgroup.exe|b0fed08db39d16e4\LinkDate05/18/2023 20:44:26NT AUTHORITY\SYSTEM 13241300x80000000000000004273Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mkgroup.exe|b0fed08db39d16e4\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004272Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mkgroup.exe|b0fed08db39d16e4\LowerCaseLongPathc:\program files\git\usr\bin\mkgroup.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004271Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mkfifo.exe|1676140672f1cfe0\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004270Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mkfifo.exe|1676140672f1cfe0\LinkDate11/15/2022 17:18:52NT AUTHORITY\SYSTEM 13241300x80000000000000004269Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mkfifo.exe|1676140672f1cfe0\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004268Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mkfifo.exe|1676140672f1cfe0\LowerCaseLongPathc:\program files\git\usr\bin\mkfifo.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004267Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mkdir.exe|d166f5452ec8d3f1\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004266Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mkdir.exe|d166f5452ec8d3f1\LinkDate11/15/2022 17:18:52NT AUTHORITY\SYSTEM 13241300x80000000000000004265Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mkdir.exe|d166f5452ec8d3f1\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004264Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mkdir.exe|d166f5452ec8d3f1\LowerCaseLongPathc:\program files\git\usr\bin\mkdir.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004263Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.387{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mintty.exe|49e751352c5fb46d\BinProductVersion0.0.0.0NT AUTHORITY\SYSTEM 13241300x80000000000000004262Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.387{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mintty.exe|49e751352c5fb46d\LinkDate03/25/2023 08:47:55NT AUTHORITY\SYSTEM 13241300x80000000000000004261Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.387{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mintty.exe|49e751352c5fb46d\Publisherthomas wolff, andy koppeNT AUTHORITY\SYSTEM 13241300x80000000000000004260Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.387{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mintty.exe|49e751352c5fb46d\LowerCaseLongPathc:\program files\git\usr\bin\mintty.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004259Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\minidumper.exe|54796dc6e15198fd\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004258Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\minidumper.exe|54796dc6e15198fd\LinkDate05/18/2023 20:44:26NT AUTHORITY\SYSTEM 13241300x80000000000000004257Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\minidumper.exe|54796dc6e15198fd\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004256Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\minidumper.exe|54796dc6e15198fd\LowerCaseLongPathc:\program files\git\usr\bin\minidumper.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004255Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\md5sum.exe|24d7cfd4f0a567ad\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004254Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\md5sum.exe|24d7cfd4f0a567ad\LinkDate11/15/2022 17:18:52NT AUTHORITY\SYSTEM 13241300x80000000000000004253Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\md5sum.exe|24d7cfd4f0a567ad\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004252Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\md5sum.exe|24d7cfd4f0a567ad\LowerCaseLongPathc:\program files\git\usr\bin\md5sum.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004251Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mac2unix.exe|fa8c232fc2ace248\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004250Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mac2unix.exe|fa8c232fc2ace248\LinkDate05/18/2023 20:45:17NT AUTHORITY\SYSTEM 13241300x80000000000000004249Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mac2unix.exe|fa8c232fc2ace248\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004248Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\mac2unix.exe|fa8c232fc2ace248\LowerCaseLongPathc:\program files\git\usr\bin\mac2unix.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004247Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\lzmainfo.exe|3070267691718925\BinProductVersion5.4.3.0NT AUTHORITY\SYSTEM 13241300x80000000000000004246Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\lzmainfo.exe|3070267691718925\LinkDate05/05/2023 14:54:54NT AUTHORITY\SYSTEM 13241300x80000000000000004245Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\lzmainfo.exe|3070267691718925\Publisherthe tukaani project <https://tukaani.org/>NT AUTHORITY\SYSTEM 13241300x80000000000000004244Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\lzmainfo.exe|3070267691718925\LowerCaseLongPathc:\program files\git\mingw64\bin\lzmainfo.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004243Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\lzmadec.exe|d4a4f5d09de2ad9f\BinProductVersion5.4.3.0NT AUTHORITY\SYSTEM 13241300x80000000000000004242Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\lzmadec.exe|d4a4f5d09de2ad9f\LinkDate05/05/2023 14:54:54NT AUTHORITY\SYSTEM 13241300x80000000000000004241Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\lzmadec.exe|d4a4f5d09de2ad9f\Publisherthe tukaani project <https://tukaani.org/>NT AUTHORITY\SYSTEM 13241300x80000000000000004240Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\lzmadec.exe|d4a4f5d09de2ad9f\LowerCaseLongPathc:\program files\git\mingw64\bin\lzmadec.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004239Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\lsattr.exe|e9598ad07d9f1abe\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004238Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\lsattr.exe|e9598ad07d9f1abe\LinkDate05/18/2023 20:44:26NT AUTHORITY\SYSTEM 13241300x80000000000000004237Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\lsattr.exe|e9598ad07d9f1abe\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004236Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\lsattr.exe|e9598ad07d9f1abe\LowerCaseLongPathc:\program files\git\usr\bin\lsattr.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004235Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ls.exe|dfaab3a81c3b31c6\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004234Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ls.exe|dfaab3a81c3b31c6\LinkDate11/15/2022 17:18:52NT AUTHORITY\SYSTEM 13241300x80000000000000004233Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ls.exe|dfaab3a81c3b31c6\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004232Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ls.exe|dfaab3a81c3b31c6\LowerCaseLongPathc:\program files\git\usr\bin\ls.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004231Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\logname.exe|12359a62b40825c8\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004230Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\logname.exe|12359a62b40825c8\LinkDate11/15/2022 17:18:51NT AUTHORITY\SYSTEM 13241300x80000000000000004229Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\logname.exe|12359a62b40825c8\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004228Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\logname.exe|12359a62b40825c8\LowerCaseLongPathc:\program files\git\usr\bin\logname.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004227Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\locate.exe|62a0c84839d4a077\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004226Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\locate.exe|62a0c84839d4a077\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004225Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\locate.exe|62a0c84839d4a077\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004224Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\locate.exe|62a0c84839d4a077\LowerCaseLongPathc:\program files\git\usr\bin\locate.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004223Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\locale.exe|5d75359b8fae4864\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004222Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\locale.exe|5d75359b8fae4864\LinkDate05/18/2023 20:44:26NT AUTHORITY\SYSTEM 13241300x80000000000000004221Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\locale.exe|5d75359b8fae4864\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004220Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\locale.exe|5d75359b8fae4864\LowerCaseLongPathc:\program files\git\usr\bin\locale.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004219Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ln.exe|79dda9f517ff22bc\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004218Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ln.exe|79dda9f517ff22bc\LinkDate11/15/2022 17:18:51NT AUTHORITY\SYSTEM 13241300x80000000000000004217Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ln.exe|79dda9f517ff22bc\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004216Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ln.exe|79dda9f517ff22bc\LowerCaseLongPathc:\program files\git\usr\bin\ln.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004215Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\link.exe|293c50e422886ac8\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004214Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\link.exe|293c50e422886ac8\LinkDate11/15/2022 17:18:50NT AUTHORITY\SYSTEM 13241300x80000000000000004213Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\link.exe|293c50e422886ac8\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004212Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\link.exe|293c50e422886ac8\LowerCaseLongPathc:\program files\git\usr\bin\link.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004211Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\lesskey.exe|6d817558b9a5216\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004210Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\lesskey.exe|6d817558b9a5216\LinkDate05/04/2023 19:54:15NT AUTHORITY\SYSTEM 13241300x80000000000000004209Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\lesskey.exe|6d817558b9a5216\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004208Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\lesskey.exe|6d817558b9a5216\LowerCaseLongPathc:\program files\git\usr\bin\lesskey.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004207Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\lessecho.exe|3b7a4aa7df4af94e\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004206Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\lessecho.exe|3b7a4aa7df4af94e\LinkDate05/04/2023 19:54:15NT AUTHORITY\SYSTEM 13241300x80000000000000004205Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\lessecho.exe|3b7a4aa7df4af94e\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004204Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\lessecho.exe|3b7a4aa7df4af94e\LowerCaseLongPathc:\program files\git\usr\bin\lessecho.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004203Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\less.exe|a02ef69e95f97e25\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004202Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\less.exe|a02ef69e95f97e25\LinkDate05/04/2023 19:54:15NT AUTHORITY\SYSTEM 13241300x80000000000000004201Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\less.exe|a02ef69e95f97e25\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004200Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\less.exe|a02ef69e95f97e25\LowerCaseLongPathc:\program files\git\usr\bin\less.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004199Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ldh.exe|da4d63a2fca071c0\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004198Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ldh.exe|da4d63a2fca071c0\LinkDate05/18/2023 20:44:04NT AUTHORITY\SYSTEM 13241300x80000000000000004197Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ldh.exe|da4d63a2fca071c0\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004196Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.309{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ldh.exe|da4d63a2fca071c0\LowerCaseLongPathc:\program files\git\usr\bin\ldh.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004195Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.278{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ldd.exe|15068ec08ef3ecfc\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004194Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.278{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ldd.exe|15068ec08ef3ecfc\LinkDate05/18/2023 20:44:25NT AUTHORITY\SYSTEM 13241300x80000000000000004193Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.278{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ldd.exe|15068ec08ef3ecfc\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004192Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.278{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ldd.exe|15068ec08ef3ecfc\LowerCaseLongPathc:\program files\git\usr\bin\ldd.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004191Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.278{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\kill.exe|4bade27621c021e4\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004190Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.278{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\kill.exe|4bade27621c021e4\LinkDate05/18/2023 20:44:25NT AUTHORITY\SYSTEM 13241300x80000000000000004189Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.278{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\kill.exe|4bade27621c021e4\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004188Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.278{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\kill.exe|4bade27621c021e4\LowerCaseLongPathc:\program files\git\usr\bin\kill.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004187Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.278{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\kbxutil.exe|1308e71e0c8d3207\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004186Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.278{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\kbxutil.exe|1308e71e0c8d3207\LinkDate05/02/2023 09:09:39NT AUTHORITY\SYSTEM 13241300x80000000000000004185Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.278{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\kbxutil.exe|1308e71e0c8d3207\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004184Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.278{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\kbxutil.exe|1308e71e0c8d3207\LowerCaseLongPathc:\program files\git\usr\bin\kbxutil.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004183Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.278{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\join.exe|dc913e518f010b9e\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004182Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.278{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\join.exe|dc913e518f010b9e\LinkDate11/15/2022 17:18:50NT AUTHORITY\SYSTEM 13241300x80000000000000004181Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.278{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\join.exe|dc913e518f010b9e\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004180Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.278{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\join.exe|dc913e518f010b9e\LowerCaseLongPathc:\program files\git\usr\bin\join.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004179Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\install.exe|6fbae492ae887311\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004178Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\install.exe|6fbae492ae887311\LinkDate11/15/2022 17:18:50NT AUTHORITY\SYSTEM 13241300x80000000000000004177Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\install.exe|6fbae492ae887311\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004176Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\install.exe|6fbae492ae887311\LowerCaseLongPathc:\program files\git\usr\bin\install.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004175Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\infotocap.exe|b30daf4370dfb24c\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004174Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\infotocap.exe|b30daf4370dfb24c\LinkDate01/29/2023 10:00:13NT AUTHORITY\SYSTEM 13241300x80000000000000004173Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\infotocap.exe|b30daf4370dfb24c\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004172Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\infotocap.exe|b30daf4370dfb24c\LowerCaseLongPathc:\program files\git\usr\bin\infotocap.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004171Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\infocmp.exe|bf56519423b7f5b4\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004170Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\infocmp.exe|bf56519423b7f5b4\LinkDate01/29/2023 10:00:13NT AUTHORITY\SYSTEM 13241300x80000000000000004169Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\infocmp.exe|bf56519423b7f5b4\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004168Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\infocmp.exe|bf56519423b7f5b4\LowerCaseLongPathc:\program files\git\usr\bin\infocmp.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004167Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\id.exe|58d5aeed1760e581\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004166Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\id.exe|58d5aeed1760e581\LinkDate11/15/2022 17:18:49NT AUTHORITY\SYSTEM 13241300x80000000000000004165Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\id.exe|58d5aeed1760e581\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004164Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\id.exe|58d5aeed1760e581\LowerCaseLongPathc:\program files\git\usr\bin\id.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004163Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\iconv.exe|aa01f87ce2558a5a\BinProductVersion1.17.0.0NT AUTHORITY\SYSTEM 13241300x80000000000000004162Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\iconv.exe|aa01f87ce2558a5a\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004161Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\iconv.exe|aa01f87ce2558a5a\Publisherfree software foundationNT AUTHORITY\SYSTEM 13241300x80000000000000004160Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\iconv.exe|aa01f87ce2558a5a\LowerCaseLongPathc:\program files\git\usr\bin\iconv.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004159Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\hostname.exe|87d3101f283dd346\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004158Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\hostname.exe|87d3101f283dd346\LinkDate11/15/2022 17:18:49NT AUTHORITY\SYSTEM 13241300x80000000000000004157Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\hostname.exe|87d3101f283dd346\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004156Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\hostname.exe|87d3101f283dd346\LowerCaseLongPathc:\program files\git\usr\bin\hostname.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004155Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\hostname.exe|810b252b242085fc\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004154Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\hostname.exe|810b252b242085fc\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004153Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\hostname.exe|810b252b242085fc\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004152Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\hostname.exe|810b252b242085fc\LowerCaseLongPathc:\program files\git\usr\lib\gettext\hostname.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004151Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\hostid.exe|6d4143f0897c8d41\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004150Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\hostid.exe|6d4143f0897c8d41\LinkDate11/15/2022 17:18:49NT AUTHORITY\SYSTEM 13241300x80000000000000004149Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\hostid.exe|6d4143f0897c8d41\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004148Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.262{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\hostid.exe|6d4143f0897c8d41\LowerCaseLongPathc:\program files\git\usr\bin\hostid.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004147Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\hmac256.exe|32958ea17350316\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004146Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\hmac256.exe|32958ea17350316\LinkDate05/02/2023 06:40:37NT AUTHORITY\SYSTEM 13241300x80000000000000004145Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\hmac256.exe|32958ea17350316\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004144Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\hmac256.exe|32958ea17350316\LowerCaseLongPathc:\program files\git\usr\bin\hmac256.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004143Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\headless-git.exe|785e29ace5e8bd40\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000004142Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\headless-git.exe|785e29ace5e8bd40\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000004141Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\headless-git.exe|785e29ace5e8bd40\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000004140Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\headless-git.exe|785e29ace5e8bd40\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\headless-git.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004139Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\head.exe|fc7ddc9982db949a\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004138Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\head.exe|fc7ddc9982db949a\LinkDate11/15/2022 17:18:48NT AUTHORITY\SYSTEM 13241300x80000000000000004137Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\head.exe|fc7ddc9982db949a\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004136Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\head.exe|fc7ddc9982db949a\LowerCaseLongPathc:\program files\git\usr\bin\head.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004135Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gzip.exe|5579843dbc752d44\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004134Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gzip.exe|5579843dbc752d44\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004133Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gzip.exe|5579843dbc752d44\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004132Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gzip.exe|5579843dbc752d44\LowerCaseLongPathc:\program files\git\usr\bin\gzip.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004131Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\groups.exe|2cd133bd6998e5fb\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004130Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\groups.exe|2cd133bd6998e5fb\LinkDate11/15/2022 17:18:48NT AUTHORITY\SYSTEM 13241300x80000000000000004129Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\groups.exe|2cd133bd6998e5fb\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004128Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\groups.exe|2cd133bd6998e5fb\LowerCaseLongPathc:\program files\git\usr\bin\groups.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004127Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\grep.exe|e40de301f2861b6e\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004126Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\grep.exe|e40de301f2861b6e\LinkDate11/15/2022 17:31:52NT AUTHORITY\SYSTEM 13241300x80000000000000004125Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\grep.exe|e40de301f2861b6e\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004124Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\grep.exe|e40de301f2861b6e\LowerCaseLongPathc:\program files\git\usr\bin\grep.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004123Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\grcat.exe|dafb27ccdda3446f\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004122Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\grcat.exe|dafb27ccdda3446f\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004121Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\grcat.exe|dafb27ccdda3446f\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004120Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\grcat.exe|dafb27ccdda3446f\LowerCaseLongPathc:\program files\git\usr\lib\awk\grcat.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004119Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgv.exe|3e8076918b3dc637\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004118Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgv.exe|3e8076918b3dc637\LinkDate05/02/2023 09:09:38NT AUTHORITY\SYSTEM 13241300x80000000000000004117Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgv.exe|3e8076918b3dc637\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004116Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgv.exe|3e8076918b3dc637\LowerCaseLongPathc:\program files\git\usr\bin\gpgv.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004115Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgtar.exe|83e2bc192363db05\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004114Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgtar.exe|83e2bc192363db05\LinkDate05/02/2023 09:09:38NT AUTHORITY\SYSTEM 13241300x80000000000000004113Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgtar.exe|83e2bc192363db05\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004112Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgtar.exe|83e2bc192363db05\LowerCaseLongPathc:\program files\git\usr\bin\gpgtar.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004111Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgsplit.exe|87bafc2530c840f0\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004110Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgsplit.exe|87bafc2530c840f0\LinkDate05/02/2023 09:09:38NT AUTHORITY\SYSTEM 13241300x80000000000000004109Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgsplit.exe|87bafc2530c840f0\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004108Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgsplit.exe|87bafc2530c840f0\LowerCaseLongPathc:\program files\git\usr\bin\gpgsplit.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004107Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgsm.exe|c489439d65554f2c\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004106Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgsm.exe|c489439d65554f2c\LinkDate05/02/2023 09:09:38NT AUTHORITY\SYSTEM 13241300x80000000000000004105Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgsm.exe|c489439d65554f2c\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004104Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgsm.exe|c489439d65554f2c\LowerCaseLongPathc:\program files\git\usr\bin\gpgsm.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004103Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgscm.exe|afd870348aad8e2b\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004102Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgscm.exe|afd870348aad8e2b\LinkDate05/02/2023 09:09:37NT AUTHORITY\SYSTEM 13241300x80000000000000004101Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgscm.exe|afd870348aad8e2b\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004100Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgscm.exe|afd870348aad8e2b\LowerCaseLongPathc:\program files\git\usr\bin\gpgscm.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004099Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgparsemail.exe|a1d04daf32233825\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004098Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgparsemail.exe|a1d04daf32233825\LinkDate05/02/2023 09:09:37NT AUTHORITY\SYSTEM 13241300x80000000000000004097Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgparsemail.exe|a1d04daf32233825\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004096Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.184{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgparsemail.exe|a1d04daf32233825\LowerCaseLongPathc:\program files\git\usr\bin\gpgparsemail.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004095Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.169{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgconf.exe|871b799717455ba3\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004094Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.169{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgconf.exe|871b799717455ba3\LinkDate05/02/2023 09:09:37NT AUTHORITY\SYSTEM 13241300x80000000000000004093Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.169{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgconf.exe|871b799717455ba3\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004092Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.169{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpgconf.exe|871b799717455ba3\LowerCaseLongPathc:\program files\git\usr\bin\gpgconf.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004091Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.169{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg.exe|6cedb1e2633436b0\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004090Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.169{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg.exe|6cedb1e2633436b0\LinkDate05/02/2023 09:09:37NT AUTHORITY\SYSTEM 13241300x80000000000000004089Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.169{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg.exe|6cedb1e2633436b0\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004088Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.169{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg.exe|6cedb1e2633436b0\LowerCaseLongPathc:\program files\git\usr\bin\gpg.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004087Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.153{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-wks-server.e|61034539dd4597ca\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004086Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.153{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-wks-server.e|61034539dd4597ca\LinkDate05/02/2023 09:09:36NT AUTHORITY\SYSTEM 13241300x80000000000000004085Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.153{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-wks-server.e|61034539dd4597ca\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004084Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.153{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-wks-server.e|61034539dd4597ca\LowerCaseLongPathc:\program files\git\usr\bin\gpg-wks-server.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004083Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.153{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-wks-client.e|2e2d230f1afcaaed\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004082Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.153{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-wks-client.e|2e2d230f1afcaaed\LinkDate05/02/2023 09:09:40NT AUTHORITY\SYSTEM 13241300x80000000000000004081Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.153{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-wks-client.e|2e2d230f1afcaaed\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004080Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.153{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-wks-client.e|2e2d230f1afcaaed\LowerCaseLongPathc:\program files\git\usr\lib\gnupg\gpg-wks-client.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004079Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.153{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-protect-tool|5c31ebeff73373e2\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004078Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.153{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-protect-tool|5c31ebeff73373e2\LinkDate05/02/2023 09:09:40NT AUTHORITY\SYSTEM 13241300x80000000000000004077Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.153{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-protect-tool|5c31ebeff73373e2\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004076Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.153{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-protect-tool|5c31ebeff73373e2\LowerCaseLongPathc:\program files\git\usr\lib\gnupg\gpg-protect-tool.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004075Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.137{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-preset-passp|fd30c53215b384cf\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004074Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.137{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-preset-passp|fd30c53215b384cf\LinkDate05/02/2023 09:09:39NT AUTHORITY\SYSTEM 13241300x80000000000000004073Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.137{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-preset-passp|fd30c53215b384cf\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004072Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.137{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-preset-passp|fd30c53215b384cf\LowerCaseLongPathc:\program files\git\usr\lib\gnupg\gpg-preset-passphrase.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004071Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.137{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-error.exe|5a340ac79026d48f\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004070Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.137{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-error.exe|5a340ac79026d48f\LinkDate05/02/2023 06:14:49NT AUTHORITY\SYSTEM 13241300x80000000000000004069Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.137{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-error.exe|5a340ac79026d48f\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004068Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.137{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-error.exe|5a340ac79026d48f\LowerCaseLongPathc:\program files\git\usr\bin\gpg-error.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004067Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.137{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-connect-agen|faaecb1ec9697c58\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004066Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.137{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-connect-agen|faaecb1ec9697c58\LinkDate05/02/2023 09:09:36NT AUTHORITY\SYSTEM 13241300x80000000000000004065Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.137{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-connect-agen|faaecb1ec9697c58\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004064Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.137{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-connect-agen|faaecb1ec9697c58\LowerCaseLongPathc:\program files\git\usr\bin\gpg-connect-agent.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004063Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.137{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-check-patter|e2542f724e45af1f\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004062Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.137{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-check-patter|e2542f724e45af1f\LinkDate05/02/2023 09:09:39NT AUTHORITY\SYSTEM 13241300x80000000000000004061Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.137{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-check-patter|e2542f724e45af1f\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004060Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.137{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-check-patter|e2542f724e45af1f\LowerCaseLongPathc:\program files\git\usr\lib\gnupg\gpg-check-pattern.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004059Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-agent.exe|a7286887843abc16\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004058Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-agent.exe|a7286887843abc16\LinkDate05/02/2023 09:09:36NT AUTHORITY\SYSTEM 13241300x80000000000000004057Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-agent.exe|a7286887843abc16\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004056Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gpg-agent.exe|a7286887843abc16\LowerCaseLongPathc:\program files\git\usr\bin\gpg-agent.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004055Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gmondump.exe|7581b15ccb19a5a1\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004054Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gmondump.exe|7581b15ccb19a5a1\LinkDate05/18/2023 20:44:25NT AUTHORITY\SYSTEM 13241300x80000000000000004053Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gmondump.exe|7581b15ccb19a5a1\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004052Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gmondump.exe|7581b15ccb19a5a1\LowerCaseLongPathc:\program files\git\usr\bin\gmondump.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004051Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gkill.exe|16f69740130f5810\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004050Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gkill.exe|16f69740130f5810\LinkDate11/15/2022 17:18:48NT AUTHORITY\SYSTEM 13241300x80000000000000004049Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gkill.exe|16f69740130f5810\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004048Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gkill.exe|16f69740130f5810\LowerCaseLongPathc:\program files\git\usr\bin\gkill.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004047Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gitlab.ui.exe|9a66482d76ed4734\BinProductVersion2.1.2.0NT AUTHORITY\SYSTEM 13241300x80000000000000004046Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gitlab.ui.exe|9a66482d76ed4734\LinkDate12/27/2090 20:12:49NT AUTHORITY\SYSTEM 13241300x80000000000000004045Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gitlab.ui.exe|9a66482d76ed4734\Publishergitlab.uiNT AUTHORITY\SYSTEM 13241300x80000000000000004044Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gitlab.ui.exe|9a66482d76ed4734\LowerCaseLongPathc:\program files\git\mingw64\bin\gitlab.ui.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004043Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gitk.exe|f586b11c21ec8a1b\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000004042Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gitk.exe|f586b11c21ec8a1b\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000004041Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gitk.exe|f586b11c21ec8a1b\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000004040Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gitk.exe|f586b11c21ec8a1b\LowerCaseLongPathc:\program files\git\cmd\gitk.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004039Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.106{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\github.ui.exe|6358465b4ca82605\BinProductVersion2.1.2.0NT AUTHORITY\SYSTEM 13241300x80000000000000004038Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.106{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\github.ui.exe|6358465b4ca82605\LinkDate04/09/2063 23:13:00NT AUTHORITY\SYSTEM 13241300x80000000000000004037Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.106{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\github.ui.exe|6358465b4ca82605\Publishergithub.uiNT AUTHORITY\SYSTEM 13241300x80000000000000004036Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.106{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\github.ui.exe|6358465b4ca82605\LowerCaseLongPathc:\program files\git\mingw64\bin\github.ui.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004035Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.106{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git.exe|f578b1fba462cbf9\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000004034Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.106{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git.exe|f578b1fba462cbf9\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000004033Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.106{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git.exe|f578b1fba462cbf9\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000004032Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.106{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git.exe|f578b1fba462cbf9\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004031Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git.exe|ce9561cbd46d08cb\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000004030Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git.exe|ce9561cbd46d08cb\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000004029Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git.exe|ce9561cbd46d08cb\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000004028Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git.exe|ce9561cbd46d08cb\LowerCaseLongPathc:\program files\git\bin\git.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004027Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.075{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git.exe|5a45dbb5af7f9d72\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000004026Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.075{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git.exe|5a45dbb5af7f9d72\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000004025Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.075{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git.exe|5a45dbb5af7f9d72\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000004024Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.075{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git.exe|5a45dbb5af7f9d72\LowerCaseLongPathc:\program files\git\mingw64\bin\git.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004023Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.075{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git.exe|52b02c4a618839ad\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000004022Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.075{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git.exe|52b02c4a618839ad\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000004021Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.075{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git.exe|52b02c4a618839ad\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000004020Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.075{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git.exe|52b02c4a618839ad\LowerCaseLongPathc:\program files\git\cmd\git.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004019Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.075{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-wrapper.exe|76f08d89fd716e41\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000004018Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.075{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-wrapper.exe|76f08d89fd716e41\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000004017Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.075{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-wrapper.exe|76f08d89fd716e41\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000004016Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.075{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-wrapper.exe|76f08d89fd716e41\LowerCaseLongPathc:\program files\git\mingw64\share\git\git-wrapper.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004015Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.044{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-upload-pack.|e0593a4774ace4ad\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000004014Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.044{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-upload-pack.|e0593a4774ace4ad\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000004013Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.044{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-upload-pack.|e0593a4774ace4ad\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000004012Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.044{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-upload-pack.|e0593a4774ace4ad\LowerCaseLongPathc:\program files\git\mingw64\bin\git-upload-pack.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004011Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.028{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-upload-archi|970cdd550165a34b\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000004010Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.028{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-upload-archi|970cdd550165a34b\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000004009Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.028{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-upload-archi|970cdd550165a34b\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000004008Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.028{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-upload-archi|970cdd550165a34b\LowerCaseLongPathc:\program files\git\mingw64\bin\git-upload-archive.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004007Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.012{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-sh-i18n--env|4053f372896ace9d\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000004006Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.012{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-sh-i18n--env|4053f372896ace9d\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000004005Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.012{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-sh-i18n--env|4053f372896ace9d\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000004004Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.012{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-sh-i18n--env|4053f372896ace9d\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-sh-i18n--envsubst.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004003Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:26.997{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-remote-https|726221edb644a582\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000004002Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:26.997{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-remote-https|726221edb644a582\LinkDate06/01/2023 16:34:16NT AUTHORITY\SYSTEM 13241300x80000000000000004001Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:26.997{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-remote-https|726221edb644a582\Publisherthe git development communityNT AUTHORITY\SYSTEM 13241300x80000000000000004000Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:26.997{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\git-remote-https|726221edb644a582\LowerCaseLongPathc:\program files\git\mingw64\libexec\git-core\git-remote-https.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005097Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.950{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\logtransport2.ex|c5ed30b1a2f9de9e\BinProductVersion8.8.0.7NT AUTHORITY\SYSTEM 13241300x80000000000000005096Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.950{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\logtransport2.ex|c5ed30b1a2f9de9e\LinkDate02/09/2023 10:29:57NT AUTHORITY\SYSTEM 13241300x80000000000000005095Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.950{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\logtransport2.ex|c5ed30b1a2f9de9e\Publisheradobe systems incorporatedNT AUTHORITY\SYSTEM 13241300x80000000000000005094Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.950{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\logtransport2.ex|c5ed30b1a2f9de9e\LowerCaseLongPathc:\program files\adobe\acrobat dc\acrobat\logtransport2.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005093Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.935{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\fulltrustnotifie|652752bd4e28863\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000005092Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.935{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\fulltrustnotifie|652752bd4e28863\LinkDate09/12/2018 06:16:28NT AUTHORITY\SYSTEM 13241300x80000000000000005091Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.935{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\fulltrustnotifie|652752bd4e28863\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000005090Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.935{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\fulltrustnotifie|652752bd4e28863\LowerCaseLongPathc:\program files\adobe\acrobat dc\acrobat\rdcnotificationclient\fulltrustnotifier.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005089Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.919{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\eula.exe|9162c3997f0fca7c\BinProductVersion23.1.20143.0NT AUTHORITY\SYSTEM 13241300x80000000000000005088Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.919{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\eula.exe|9162c3997f0fca7c\LinkDate04/04/2023 15:33:24NT AUTHORITY\SYSTEM 13241300x80000000000000005087Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.919{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\eula.exe|9162c3997f0fca7c\Publisheradobe systems incorporatedNT AUTHORITY\SYSTEM 13241300x80000000000000005086Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.919{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\eula.exe|9162c3997f0fca7c\LowerCaseLongPathc:\program files\adobe\acrobat dc\acrobat\eula.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005085Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.919{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\crwindowsclients|e813387223741e86\BinProductVersion4.8.0.7NT AUTHORITY\SYSTEM 13241300x80000000000000005084Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.919{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\crwindowsclients|e813387223741e86\LinkDate02/22/2023 12:03:55NT AUTHORITY\SYSTEM 13241300x80000000000000005083Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.919{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\crwindowsclients|e813387223741e86\Publisheradobe inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005082Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.919{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\crwindowsclients|e813387223741e86\LowerCaseLongPathc:\program files\adobe\acrobat dc\acrobat\crwindowsclientservice.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005081Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.903{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\crlogtransport.e|4d97f6c3865b35bc\BinProductVersion4.8.0.7NT AUTHORITY\SYSTEM 13241300x80000000000000005080Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.903{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\crlogtransport.e|4d97f6c3865b35bc\LinkDate02/22/2023 12:05:21NT AUTHORITY\SYSTEM 13241300x80000000000000005079Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.903{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\crlogtransport.e|4d97f6c3865b35bc\Publisheradobe inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005078Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.903{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\crlogtransport.e|4d97f6c3865b35bc\LowerCaseLongPathc:\program files\adobe\acrobat dc\acrobat\crlogtransport.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005077Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.903{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\adobecollabsync.|d4d88c08129c31ce\BinProductVersion23.3.20215.0NT AUTHORITY\SYSTEM 13241300x80000000000000005076Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.903{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\adobecollabsync.|d4d88c08129c31ce\LinkDate06/14/2023 17:52:37NT AUTHORITY\SYSTEM 13241300x80000000000000005075Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.903{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\adobecollabsync.|d4d88c08129c31ce\Publisheradobe systems incorporatedNT AUTHORITY\SYSTEM 13241300x80000000000000005074Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.903{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\adobecollabsync.|d4d88c08129c31ce\LowerCaseLongPathc:\program files\adobe\acrobat dc\acrobat\adobecollabsync.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005073Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.825{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\adobearmhelper.e|3ef49f253f459a84\BinProductVersion1.824.460.1047NT AUTHORITY\SYSTEM 13241300x80000000000000005072Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.825{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\adobearmhelper.e|3ef49f253f459a84\LinkDate04/04/2023 04:07:02NT AUTHORITY\SYSTEM 13241300x80000000000000005071Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.825{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\adobearmhelper.e|3ef49f253f459a84\Publisheradobe inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005070Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.825{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\adobearmhelper.e|3ef49f253f459a84\LowerCaseLongPathc:\program files (x86)\common files\adobe\arm\1.0\adobearmhelper.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005069Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.810{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\adobearm.exe|3ede07e8bccff6b5\BinProductVersion1.824.460.1047NT AUTHORITY\SYSTEM 13241300x80000000000000005068Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.810{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\adobearm.exe|3ede07e8bccff6b5\LinkDate04/04/2023 04:07:43NT AUTHORITY\SYSTEM 13241300x80000000000000005067Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.810{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\adobearm.exe|3ede07e8bccff6b5\Publisheradobe inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005066Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.810{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\adobearm.exe|3ede07e8bccff6b5\LowerCaseLongPathc:\program files (x86)\common files\adobe\arm\1.0\adobearm.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005065Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.794{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\adelrcp.exe|c7c5a661b81b8592\BinProductVersion23.3.20201.0NT AUTHORITY\SYSTEM 13241300x80000000000000005064Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.794{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\adelrcp.exe|c7c5a661b81b8592\LinkDate06/04/2023 02:00:46NT AUTHORITY\SYSTEM 13241300x80000000000000005063Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.794{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\adelrcp.exe|c7c5a661b81b8592\Publisheradobe systems, inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005062Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.794{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\adelrcp.exe|c7c5a661b81b8592\LowerCaseLongPathc:\program files\adobe\acrobat dc\acrobat\adelrcp.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005061Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.794{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrotextextracto|ea64d71d578b7fe2\BinProductVersion23.3.20215.0NT AUTHORITY\SYSTEM 13241300x80000000000000005060Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.794{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrotextextracto|ea64d71d578b7fe2\LinkDate06/14/2023 18:04:15NT AUTHORITY\SYSTEM 13241300x80000000000000005059Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.794{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrotextextracto|ea64d71d578b7fe2\Publisheradobe systems incorporatedNT AUTHORITY\SYSTEM 13241300x80000000000000005058Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.794{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrotextextracto|ea64d71d578b7fe2\LowerCaseLongPathc:\program files\adobe\acrobat dc\acrobat\acrotextextractor.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005057Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.794{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrocef.exe|b06220f66fc013c5\BinProductVersion23.3.20215.0NT AUTHORITY\SYSTEM 13241300x80000000000000005056Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.794{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrocef.exe|b06220f66fc013c5\LinkDate06/14/2023 18:15:40NT AUTHORITY\SYSTEM 13241300x80000000000000005055Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.794{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrocef.exe|b06220f66fc013c5\Publisheradobe systems incorporatedNT AUTHORITY\SYSTEM 13241300x80000000000000005054Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.794{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrocef.exe|b06220f66fc013c5\LowerCaseLongPathc:\program files\adobe\acrobat dc\acrobat\acrocef\acrocef.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005053Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.763{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrobroker.exe|6329e162a2b63e0e\BinProductVersion23.1.20143.0NT AUTHORITY\SYSTEM 13241300x80000000000000005052Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.763{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrobroker.exe|6329e162a2b63e0e\LinkDate04/04/2023 15:50:43NT AUTHORITY\SYSTEM 13241300x80000000000000005051Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.763{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrobroker.exe|6329e162a2b63e0e\Publisheradobe systems incorporatedNT AUTHORITY\SYSTEM 13241300x80000000000000005050Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.763{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrobroker.exe|6329e162a2b63e0e\LowerCaseLongPathc:\program files\adobe\acrobat dc\acrobat\acrobroker.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005049Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.732{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrobat_sl.exe|7c008e8932ab2edd\BinProductVersion22.3.20310.0NT AUTHORITY\SYSTEM 13241300x80000000000000005048Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.732{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrobat_sl.exe|7c008e8932ab2edd\LinkDate12/24/2022 02:06:20NT AUTHORITY\SYSTEM 13241300x80000000000000005047Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.732{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrobat_sl.exe|7c008e8932ab2edd\Publisheradobe systems incorporatedNT AUTHORITY\SYSTEM 13241300x80000000000000005046Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.732{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrobat_sl.exe|7c008e8932ab2edd\LowerCaseLongPathc:\program files\adobe\acrobat dc\acrobat\acrobat_sl.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005045Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.732{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrobatinfo.exe|594728bcf3f37f36\BinProductVersion23.3.20215.0NT AUTHORITY\SYSTEM 13241300x80000000000000005044Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.732{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrobatinfo.exe|594728bcf3f37f36\LinkDate06/14/2023 17:50:29NT AUTHORITY\SYSTEM 13241300x80000000000000005043Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.732{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrobatinfo.exe|594728bcf3f37f36\Publisheradobe systems incorporatedNT AUTHORITY\SYSTEM 13241300x80000000000000005042Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.732{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrobatinfo.exe|594728bcf3f37f36\LowerCaseLongPathc:\program files\adobe\acrobat dc\acrobat\acrobatinfo.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005041Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.732{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrobat.exe|daa6b847c00cd74c\BinProductVersion23.3.20215.0NT AUTHORITY\SYSTEM 13241300x80000000000000005040Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.732{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrobat.exe|daa6b847c00cd74c\LinkDate06/14/2023 19:18:43NT AUTHORITY\SYSTEM 13241300x80000000000000005039Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.732{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrobat.exe|daa6b847c00cd74c\Publisheradobe systems incorporatedNT AUTHORITY\SYSTEM 13241300x80000000000000005038Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.732{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrobat.exe|daa6b847c00cd74c\LowerCaseLongPathc:\program files\adobe\acrobat dc\acrobat\x86\acrobat\acrobat.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005037Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.700{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrobat.exe|2cc4ca75108a6694\BinProductVersion23.3.20215.0NT AUTHORITY\SYSTEM 13241300x80000000000000005036Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.700{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrobat.exe|2cc4ca75108a6694\LinkDate06/14/2023 19:34:47NT AUTHORITY\SYSTEM 13241300x80000000000000005035Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.700{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrobat.exe|2cc4ca75108a6694\Publisheradobe systems incorporatedNT AUTHORITY\SYSTEM 13241300x80000000000000005034Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.700{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\acrobat.exe|2cc4ca75108a6694\LowerCaseLongPathc:\program files\adobe\acrobat dc\acrobat\acrobat.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005033Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.638{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\64bitmapibroker.|bb4b13b2a0e847f7\BinProductVersion23.3.20201.0NT AUTHORITY\SYSTEM 13241300x80000000000000005032Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.638{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\64bitmapibroker.|bb4b13b2a0e847f7\LinkDate06/04/2023 00:59:29NT AUTHORITY\SYSTEM 13241300x80000000000000005031Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.638{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\64bitmapibroker.|bb4b13b2a0e847f7\Publisheradobe systems incorporatedNT AUTHORITY\SYSTEM 13241300x80000000000000005030Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.638{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\64bitmapibroker.|bb4b13b2a0e847f7\LowerCaseLongPathc:\program files\adobe\acrobat dc\acrobat\plug_ins\pi_brokers\64bitmapibroker.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005029Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\32bitmapibroker.|7c94cd198d03999\BinProductVersion23.3.20201.0NT AUTHORITY\SYSTEM 13241300x80000000000000005028Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\32bitmapibroker.|7c94cd198d03999\LinkDate06/04/2023 00:59:17NT AUTHORITY\SYSTEM 13241300x80000000000000005027Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\32bitmapibroker.|7c94cd198d03999\Publisheradobe systems incorporatedNT AUTHORITY\SYSTEM 13241300x80000000000000005026Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\32bitmapibroker.|7c94cd198d03999\LowerCaseLongPathc:\program files\adobe\acrobat dc\acrobat\plug_ins\pi_brokers\32bitmapibroker.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005025Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.607{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pythonw.exe|e4a6f116af04546a\BinProductVersion3.11.4150.1013NT AUTHORITY\SYSTEM 13241300x80000000000000005024Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.607{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pythonw.exe|e4a6f116af04546a\LinkDate06/07/2023 05:48:25NT AUTHORITY\SYSTEM 13241300x80000000000000005023Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.607{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pythonw.exe|e4a6f116af04546a\Publisherpython software foundationNT AUTHORITY\SYSTEM 13241300x80000000000000005022Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.607{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pythonw.exe|e4a6f116af04546a\LowerCaseLongPathc:\python311\pythonw.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005021Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.607{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\python.exe|49a419ff05c41537\BinProductVersion3.11.4150.1013NT AUTHORITY\SYSTEM 13241300x80000000000000005020Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.607{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\python.exe|49a419ff05c41537\LinkDate06/07/2023 05:48:24NT AUTHORITY\SYSTEM 13241300x80000000000000005019Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.607{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\python.exe|49a419ff05c41537\Publisherpython software foundationNT AUTHORITY\SYSTEM 13241300x80000000000000005018Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.607{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\python.exe|49a419ff05c41537\LowerCaseLongPathc:\python311\python.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005017Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.607{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pyw.exe|5f03342bb9a9928a\BinProductVersion3.11.4150.1013NT AUTHORITY\SYSTEM 13241300x80000000000000005016Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.607{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pyw.exe|5f03342bb9a9928a\LinkDate06/07/2023 05:31:23NT AUTHORITY\SYSTEM 13241300x80000000000000005015Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.607{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pyw.exe|5f03342bb9a9928a\Publisherpython software foundationNT AUTHORITY\SYSTEM 13241300x80000000000000005014Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.607{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pyw.exe|5f03342bb9a9928a\LowerCaseLongPathc:\windows\pyw.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005013Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.591{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\py.exe|ddc00304deaa34f3\BinProductVersion3.11.4150.1013NT AUTHORITY\SYSTEM 13241300x80000000000000005012Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.591{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\py.exe|ddc00304deaa34f3\LinkDate06/07/2023 05:31:23NT AUTHORITY\SYSTEM 13241300x80000000000000005011Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.591{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\py.exe|ddc00304deaa34f3\Publisherpython software foundationNT AUTHORITY\SYSTEM 13241300x80000000000000005010Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.591{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\py.exe|ddc00304deaa34f3\LowerCaseLongPathc:\windows\py.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005009Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.560{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplication\00000af2c4072ca0a892a998ab64956929780000ffff\PublisherThe Git Development CommunityNT AUTHORITY\SYSTEM 13241300x80000000000000005008Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.560{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\[.exe|b6eac39997c90239\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000005007Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.560{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\[.exe|b6eac39997c90239\LinkDate11/15/2022 17:19:09NT AUTHORITY\SYSTEM 13241300x80000000000000005006Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.560{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\[.exe|b6eac39997c90239\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000005005Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.560{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\[.exe|b6eac39997c90239\LowerCaseLongPathc:\program files\git\usr\bin\[.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005004Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.560{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\zipinfo.exe|221fb78378e3082e\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000005003Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.560{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\zipinfo.exe|221fb78378e3082e\LinkDate05/08/2031 18:06:26NT AUTHORITY\SYSTEM 13241300x80000000000000005002Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.560{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\zipinfo.exe|221fb78378e3082e\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000005001Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.560{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\zipinfo.exe|221fb78378e3082e\LowerCaseLongPathc:\program files\git\usr\bin\zipinfo.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005000Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\yes.exe|101013f8ea4cecdc\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004999Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\yes.exe|101013f8ea4cecdc\LinkDate11/15/2022 17:19:09NT AUTHORITY\SYSTEM 13241300x80000000000000004998Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\yes.exe|101013f8ea4cecdc\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004997Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\yes.exe|101013f8ea4cecdc\LowerCaseLongPathc:\program files\git\usr\bin\yes.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004996Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\yat2m.exe|e602d782765213bc\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004995Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\yat2m.exe|e602d782765213bc\LinkDate05/02/2023 06:14:50NT AUTHORITY\SYSTEM 13241300x80000000000000004994Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\yat2m.exe|e602d782765213bc\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004993Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\yat2m.exe|e602d782765213bc\LowerCaseLongPathc:\program files\git\usr\bin\yat2m.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004992Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xzdec.exe|aa41a1b6191a17c5\BinProductVersion5.4.3.0NT AUTHORITY\SYSTEM 13241300x80000000000000004991Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xzdec.exe|aa41a1b6191a17c5\LinkDate05/05/2023 14:54:54NT AUTHORITY\SYSTEM 13241300x80000000000000004990Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xzdec.exe|aa41a1b6191a17c5\Publisherthe tukaani project <https://tukaani.org/>NT AUTHORITY\SYSTEM 13241300x80000000000000004989Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xzdec.exe|aa41a1b6191a17c5\LowerCaseLongPathc:\program files\git\mingw64\bin\xzdec.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004988Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xzcat.exe|6c454d521625ef75\BinProductVersion5.4.3.0NT AUTHORITY\SYSTEM 13241300x80000000000000004987Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xzcat.exe|6c454d521625ef75\LinkDate05/05/2023 14:54:54NT AUTHORITY\SYSTEM 13241300x80000000000000004986Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xzcat.exe|6c454d521625ef75\Publisherthe tukaani project <https://tukaani.org/>NT AUTHORITY\SYSTEM 13241300x80000000000000004985Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xzcat.exe|6c454d521625ef75\LowerCaseLongPathc:\program files\git\mingw64\bin\xzcat.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004984Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xz.exe|f5dd0ac934ca84a7\BinProductVersion5.4.3.0NT AUTHORITY\SYSTEM 13241300x80000000000000004983Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xz.exe|f5dd0ac934ca84a7\LinkDate05/05/2023 14:54:54NT AUTHORITY\SYSTEM 13241300x80000000000000004982Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xz.exe|f5dd0ac934ca84a7\Publisherthe tukaani project <https://tukaani.org/>NT AUTHORITY\SYSTEM 13241300x80000000000000004981Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xz.exe|f5dd0ac934ca84a7\LowerCaseLongPathc:\program files\git\mingw64\bin\xz.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004980Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xxd.exe|ec817b4721384459\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004979Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xxd.exe|ec817b4721384459\LinkDate03/13/2023 19:58:44NT AUTHORITY\SYSTEM 13241300x80000000000000004978Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xxd.exe|ec817b4721384459\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004977Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xxd.exe|ec817b4721384459\LowerCaseLongPathc:\program files\git\usr\bin\xxd.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004976Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xmlwf.exe|db82f10a63bc087f\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004975Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xmlwf.exe|db82f10a63bc087f\LinkDate11/03/2022 14:16:53NT AUTHORITY\SYSTEM 13241300x80000000000000004974Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xmlwf.exe|db82f10a63bc087f\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004973Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xmlwf.exe|db82f10a63bc087f\LowerCaseLongPathc:\program files\git\mingw64\bin\xmlwf.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004972Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xgettext.exe|d70e9fbf1e3251f9\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004971Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xgettext.exe|d70e9fbf1e3251f9\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004970Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xgettext.exe|d70e9fbf1e3251f9\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004969Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xgettext.exe|d70e9fbf1e3251f9\LowerCaseLongPathc:\program files\git\usr\bin\xgettext.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004968Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xargs.exe|b26b4866fba2ace6\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004967Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xargs.exe|b26b4866fba2ace6\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004966Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xargs.exe|b26b4866fba2ace6\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004965Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xargs.exe|b26b4866fba2ace6\LowerCaseLongPathc:\program files\git\usr\bin\xargs.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004964Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\x86_64-w64-mingw|721349a4c3d19334\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004963Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\x86_64-w64-mingw|721349a4c3d19334\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004962Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\x86_64-w64-mingw|721349a4c3d19334\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004961Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\x86_64-w64-mingw|721349a4c3d19334\LowerCaseLongPathc:\program files\git\mingw64\bin\x86_64-w64-mingw32-agrep.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004960Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\wish86.exe|b43e477f47c04c0d\BinProductVersion8.6.2.12NT AUTHORITY\SYSTEM 13241300x80000000000000004959Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\wish86.exe|b43e477f47c04c0d\LinkDate09/24/2022 10:44:56NT AUTHORITY\SYSTEM 13241300x80000000000000004958Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\wish86.exe|b43e477f47c04c0d\Publisheractivestate corporationNT AUTHORITY\SYSTEM 13241300x80000000000000004957Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\wish86.exe|b43e477f47c04c0d\LowerCaseLongPathc:\program files\git\mingw64\bin\wish86.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004956Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\wish.exe|387f467bcbc945b9\BinProductVersion8.6.2.12NT AUTHORITY\SYSTEM 13241300x80000000000000004955Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\wish.exe|387f467bcbc945b9\LinkDate09/24/2022 10:44:56NT AUTHORITY\SYSTEM 13241300x80000000000000004954Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\wish.exe|387f467bcbc945b9\Publisheractivestate corporationNT AUTHORITY\SYSTEM 13241300x80000000000000004953Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.528{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\wish.exe|387f467bcbc945b9\LowerCaseLongPathc:\program files\git\mingw64\bin\wish.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004952Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.513{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\wintoast.exe|a56a902040daad41\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004951Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.513{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\wintoast.exe|a56a902040daad41\LinkDate11/03/2022 13:15:48NT AUTHORITY\SYSTEM 13241300x80000000000000004950Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.513{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\wintoast.exe|a56a902040daad41\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004949Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.513{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\wintoast.exe|a56a902040daad41\LowerCaseLongPathc:\program files\git\mingw64\bin\wintoast.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004948Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.513{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\winpty.exe|b62f1084964abfa7\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004947Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.513{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\winpty.exe|b62f1084964abfa7\LinkDate06/19/2025 15:30:53NT AUTHORITY\SYSTEM 13241300x80000000000000004946Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.513{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\winpty.exe|b62f1084964abfa7\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004945Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.513{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\winpty.exe|b62f1084964abfa7\LowerCaseLongPathc:\program files\git\usr\bin\winpty.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004944Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\winpty-debugserv|fa3a25afb3dba9c5\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004943Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\winpty-debugserv|fa3a25afb3dba9c5\LinkDate05/08/2031 18:06:26NT AUTHORITY\SYSTEM 13241300x80000000000000004942Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\winpty-debugserv|fa3a25afb3dba9c5\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004941Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.481{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\winpty-debugserv|fa3a25afb3dba9c5\LowerCaseLongPathc:\program files\git\usr\bin\winpty-debugserver.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004940Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\winpty-agent.exe|f42c4e896f998b23\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004939Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\winpty-agent.exe|f42c4e896f998b23\LinkDate05/08/2031 18:06:26NT AUTHORITY\SYSTEM 13241300x80000000000000004938Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\winpty-agent.exe|f42c4e896f998b23\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004937Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\winpty-agent.exe|f42c4e896f998b23\LowerCaseLongPathc:\program files\git\usr\bin\winpty-agent.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004936Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\whouses.exe|112098ea380b8223\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004935Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\whouses.exe|112098ea380b8223\LinkDate05/01/2023 20:06:59NT AUTHORITY\SYSTEM 13241300x80000000000000004934Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\whouses.exe|112098ea380b8223\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004933Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.466{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\whouses.exe|112098ea380b8223\LowerCaseLongPathc:\program files\git\mingw64\bin\whouses.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004932Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.450{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\whoami.exe|db400e84413562a4\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004931Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.450{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\whoami.exe|db400e84413562a4\LinkDate11/15/2022 17:19:08NT AUTHORITY\SYSTEM 13241300x80000000000000004930Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.450{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\whoami.exe|db400e84413562a4\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004929Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.450{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\whoami.exe|db400e84413562a4\LowerCaseLongPathc:\program files\git\usr\bin\whoami.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004928Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.450{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\who.exe|cb672bc7f4c40afb\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004927Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.450{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\who.exe|cb672bc7f4c40afb\LinkDate11/15/2022 17:19:08NT AUTHORITY\SYSTEM 13241300x80000000000000004926Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.450{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\who.exe|cb672bc7f4c40afb\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004925Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.450{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\who.exe|cb672bc7f4c40afb\LowerCaseLongPathc:\program files\git\usr\bin\who.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004924Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.450{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\which.exe|fd8a97b7fcb2af43\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004923Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.450{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\which.exe|fd8a97b7fcb2af43\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004922Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.450{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\which.exe|fd8a97b7fcb2af43\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004921Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.450{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\which.exe|fd8a97b7fcb2af43\LowerCaseLongPathc:\program files\git\usr\bin\which.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004920Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.450{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\wc.exe|8047af858fdb6703\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004919Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.450{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\wc.exe|8047af858fdb6703\LinkDate11/15/2022 17:19:08NT AUTHORITY\SYSTEM 13241300x80000000000000004918Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.450{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\wc.exe|8047af858fdb6703\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004917Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.450{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\wc.exe|8047af858fdb6703\LowerCaseLongPathc:\program files\git\usr\bin\wc.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004916Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.435{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\watchgnupg.exe|4fab39cd9f6ffe71\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004915Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.435{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\watchgnupg.exe|4fab39cd9f6ffe71\LinkDate05/02/2023 09:09:39NT AUTHORITY\SYSTEM 13241300x80000000000000004914Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.435{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\watchgnupg.exe|4fab39cd9f6ffe71\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004913Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.435{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\watchgnupg.exe|4fab39cd9f6ffe71\LowerCaseLongPathc:\program files\git\usr\bin\watchgnupg.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004912Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.435{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\vimdiff.exe|67340c9152f6152c\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004911Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.435{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\vimdiff.exe|67340c9152f6152c\LinkDate03/13/2023 19:58:43NT AUTHORITY\SYSTEM 13241300x80000000000000004910Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.435{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\vimdiff.exe|67340c9152f6152c\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004909Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.435{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\vimdiff.exe|67340c9152f6152c\LowerCaseLongPathc:\program files\git\usr\bin\vimdiff.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004908Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\vim.exe|43ed39053a824d04\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004907Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\vim.exe|43ed39053a824d04\LinkDate03/13/2023 19:58:42NT AUTHORITY\SYSTEM 13241300x80000000000000004906Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\vim.exe|43ed39053a824d04\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004905Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.419{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\vim.exe|43ed39053a824d04\LowerCaseLongPathc:\program files\git\usr\bin\vim.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004904Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.388{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\view.exe|904157a959d595c9\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004903Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.388{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\view.exe|904157a959d595c9\LinkDate03/13/2023 19:58:42NT AUTHORITY\SYSTEM 13241300x80000000000000004902Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.388{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\view.exe|904157a959d595c9\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004901Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.388{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\view.exe|904157a959d595c9\LowerCaseLongPathc:\program files\git\usr\bin\view.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004900Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\vdir.exe|d36f5c65563e728d\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004899Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\vdir.exe|d36f5c65563e728d\LinkDate11/15/2022 17:19:07NT AUTHORITY\SYSTEM 13241300x80000000000000004898Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\vdir.exe|d36f5c65563e728d\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004897Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\vdir.exe|d36f5c65563e728d\LowerCaseLongPathc:\program files\git\usr\bin\vdir.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004896Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\users.exe|4d383589d66a4050\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004895Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\users.exe|4d383589d66a4050\LinkDate11/15/2022 17:19:07NT AUTHORITY\SYSTEM 13241300x80000000000000004894Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\users.exe|4d383589d66a4050\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004893Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\users.exe|4d383589d66a4050\LowerCaseLongPathc:\program files\git\usr\bin\users.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004892Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\urlget.exe|b1ac3fe6098df4f3\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004891Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\urlget.exe|b1ac3fe6098df4f3\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004890Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\urlget.exe|b1ac3fe6098df4f3\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004889Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.356{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\urlget.exe|b1ac3fe6098df4f3\LowerCaseLongPathc:\program files\git\usr\lib\gettext\urlget.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004888Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unzipsfx.exe|f11926d1b5caa9e4\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004887Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unzipsfx.exe|f11926d1b5caa9e4\LinkDate05/08/2031 18:06:26NT AUTHORITY\SYSTEM 13241300x80000000000000004886Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unzipsfx.exe|f11926d1b5caa9e4\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004885Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unzipsfx.exe|f11926d1b5caa9e4\LowerCaseLongPathc:\program files\git\usr\bin\unzipsfx.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004884Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unzip.exe|678f320572a2cac0\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004883Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unzip.exe|678f320572a2cac0\LinkDate05/08/2031 18:06:26NT AUTHORITY\SYSTEM 13241300x80000000000000004882Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unzip.exe|678f320572a2cac0\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004881Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unzip.exe|678f320572a2cac0\LowerCaseLongPathc:\program files\git\usr\bin\unzip.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004880Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.310{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unxz.exe|af430565744d9629\BinProductVersion5.4.3.0NT AUTHORITY\SYSTEM 13241300x80000000000000004879Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.310{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unxz.exe|af430565744d9629\LinkDate05/05/2023 14:54:54NT AUTHORITY\SYSTEM 13241300x80000000000000004878Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.310{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unxz.exe|af430565744d9629\Publisherthe tukaani project <https://tukaani.org/>NT AUTHORITY\SYSTEM 13241300x80000000000000004877Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.310{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unxz.exe|af430565744d9629\LowerCaseLongPathc:\program files\git\mingw64\bin\unxz.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004876Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.294{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unlink.exe|8905006f80ba665e\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004875Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.294{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unlink.exe|8905006f80ba665e\LinkDate11/15/2022 17:19:07NT AUTHORITY\SYSTEM 13241300x80000000000000004874Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.294{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unlink.exe|8905006f80ba665e\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004873Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.294{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unlink.exe|8905006f80ba665e\LowerCaseLongPathc:\program files\git\usr\bin\unlink.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004872Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.294{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unix2mac.exe|ce61a10675030bc2\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004871Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.294{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unix2mac.exe|ce61a10675030bc2\LinkDate05/18/2023 20:45:18NT AUTHORITY\SYSTEM 13241300x80000000000000004870Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.294{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unix2mac.exe|ce61a10675030bc2\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004869Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.294{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unix2mac.exe|ce61a10675030bc2\LowerCaseLongPathc:\program files\git\usr\bin\unix2mac.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004868Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.294{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unix2dos.exe|d30cb63cbe1e2952\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004867Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.294{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unix2dos.exe|d30cb63cbe1e2952\LinkDate05/18/2023 20:45:18NT AUTHORITY\SYSTEM 13241300x80000000000000004866Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.294{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unix2dos.exe|d30cb63cbe1e2952\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004865Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.294{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unix2dos.exe|d30cb63cbe1e2952\LowerCaseLongPathc:\program files\git\usr\bin\unix2dos.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004864Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.294{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\uniq.exe|4d8db7f943d46212\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004863Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.294{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\uniq.exe|4d8db7f943d46212\LinkDate11/15/2022 17:19:07NT AUTHORITY\SYSTEM 13241300x80000000000000004862Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.294{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\uniq.exe|4d8db7f943d46212\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004861Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.294{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\uniq.exe|4d8db7f943d46212\LowerCaseLongPathc:\program files\git\usr\bin\uniq.exeNT AUTHORITY\SYSTEM 154100x80000000000000004860Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:29:28.298{08CB57FB-C168-64AB-C800-00000000FA02}1184C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 13241300x80000000000000004859Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.278{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unins000.exe|53f54630e98a3bb8\BinProductVersion2.41.0.1NT AUTHORITY\SYSTEM 13241300x80000000000000004858Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.278{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unins000.exe|53f54630e98a3bb8\LinkDate02/15/2023 14:54:17NT AUTHORITY\SYSTEM 13241300x80000000000000004857Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.278{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unins000.exe|53f54630e98a3bb8\Publisherthe git development community NT AUTHORITY\SYSTEM 13241300x80000000000000004856Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.278{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unins000.exe|53f54630e98a3bb8\LowerCaseLongPathc:\program files\git\unins000.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004855Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.263{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unexpand.exe|4aa0be7d58d7a70e\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004854Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.263{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unexpand.exe|4aa0be7d58d7a70e\LinkDate11/15/2022 17:19:06NT AUTHORITY\SYSTEM 13241300x80000000000000004853Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.263{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unexpand.exe|4aa0be7d58d7a70e\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004852Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.263{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\unexpand.exe|4aa0be7d58d7a70e\LowerCaseLongPathc:\program files\git\usr\bin\unexpand.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004851Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.263{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\uname.exe|aa1eb9eb8d6d257c\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004850Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.263{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\uname.exe|aa1eb9eb8d6d257c\LinkDate11/15/2022 17:19:06NT AUTHORITY\SYSTEM 13241300x80000000000000004849Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.263{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\uname.exe|aa1eb9eb8d6d257c\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004848Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.263{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\uname.exe|aa1eb9eb8d6d257c\LowerCaseLongPathc:\program files\git\usr\bin\uname.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004847Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\umount.exe|7b6c7cea428daaaa\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004846Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\umount.exe|7b6c7cea428daaaa\LinkDate05/18/2023 20:44:27NT AUTHORITY\SYSTEM 13241300x80000000000000004845Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\umount.exe|7b6c7cea428daaaa\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004844Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\umount.exe|7b6c7cea428daaaa\LowerCaseLongPathc:\program files\git\usr\bin\umount.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004843Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\u2d.exe|757aee4677b2e42f\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004842Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\u2d.exe|757aee4677b2e42f\LinkDate05/18/2023 20:45:18NT AUTHORITY\SYSTEM 13241300x80000000000000004841Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\u2d.exe|757aee4677b2e42f\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004840Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\u2d.exe|757aee4677b2e42f\LowerCaseLongPathc:\program files\git\usr\bin\u2d.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004839Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tzset.exe|6044895f1b845eb4\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004838Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tzset.exe|6044895f1b845eb4\LinkDate05/18/2023 20:44:27NT AUTHORITY\SYSTEM 13241300x80000000000000004837Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tzset.exe|6044895f1b845eb4\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004836Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tzset.exe|6044895f1b845eb4\LowerCaseLongPathc:\program files\git\usr\bin\tzset.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004835Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tty.exe|f000538bcc1d4307\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004834Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tty.exe|f000538bcc1d4307\LinkDate11/15/2022 17:19:06NT AUTHORITY\SYSTEM 13241300x80000000000000004833Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tty.exe|f000538bcc1d4307\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004832Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.231{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tty.exe|f000538bcc1d4307\LowerCaseLongPathc:\program files\git\usr\bin\tty.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004831Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.216{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tsort.exe|cfc2b8bfaeea292f\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004830Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.216{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tsort.exe|cfc2b8bfaeea292f\LinkDate11/15/2022 17:19:06NT AUTHORITY\SYSTEM 13241300x80000000000000004829Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.216{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tsort.exe|cfc2b8bfaeea292f\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004828Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.216{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tsort.exe|cfc2b8bfaeea292f\LowerCaseLongPathc:\program files\git\usr\bin\tsort.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004827Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.216{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tset.exe|9472efe3f6c3d05\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004826Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.216{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tset.exe|9472efe3f6c3d05\LinkDate01/29/2023 10:00:17NT AUTHORITY\SYSTEM 13241300x80000000000000004825Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.216{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tset.exe|9472efe3f6c3d05\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004824Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.216{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tset.exe|9472efe3f6c3d05\LowerCaseLongPathc:\program files\git\usr\bin\tset.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004823Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.216{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\trust.exe|f023a445426ea5a\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004822Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.216{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\trust.exe|f023a445426ea5a\LinkDate03/12/2023 09:20:43NT AUTHORITY\SYSTEM 13241300x80000000000000004821Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.216{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\trust.exe|f023a445426ea5a\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004820Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.216{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\trust.exe|f023a445426ea5a\LowerCaseLongPathc:\program files\git\mingw64\bin\trust.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004819Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.216{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\trust.exe|8799eae1c6ff22d6\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004818Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.216{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\trust.exe|8799eae1c6ff22d6\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004817Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.216{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\trust.exe|8799eae1c6ff22d6\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004816Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.216{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\trust.exe|8799eae1c6ff22d6\LowerCaseLongPathc:\program files\git\usr\bin\trust.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004815Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\truncate.exe|c8ba1860e9b89c7c\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004814Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\truncate.exe|c8ba1860e9b89c7c\LinkDate11/15/2022 17:19:05NT AUTHORITY\SYSTEM 13241300x80000000000000004813Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\truncate.exe|c8ba1860e9b89c7c\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004812Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\truncate.exe|c8ba1860e9b89c7c\LowerCaseLongPathc:\program files\git\usr\bin\truncate.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004811Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\true.exe|63cbe5fc93313f79\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004810Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\true.exe|63cbe5fc93313f79\LinkDate11/15/2022 17:19:05NT AUTHORITY\SYSTEM 13241300x80000000000000004809Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\true.exe|63cbe5fc93313f79\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004808Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\true.exe|63cbe5fc93313f79\LowerCaseLongPathc:\program files\git\usr\bin\true.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004807Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tr.exe|8da93faf0d2cfacc\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004806Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tr.exe|8da93faf0d2cfacc\LinkDate11/15/2022 17:19:05NT AUTHORITY\SYSTEM 13241300x80000000000000004805Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tr.exe|8da93faf0d2cfacc\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004804Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tr.exe|8da93faf0d2cfacc\LowerCaseLongPathc:\program files\git\usr\bin\tr.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004803Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tput.exe|b8002a648477f6bb\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004802Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tput.exe|b8002a648477f6bb\LinkDate01/29/2023 10:00:17NT AUTHORITY\SYSTEM 13241300x80000000000000004801Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tput.exe|b8002a648477f6bb\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004800Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tput.exe|b8002a648477f6bb\LowerCaseLongPathc:\program files\git\usr\bin\tput.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004799Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\touch.exe|be858ef96bb42d35\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004798Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\touch.exe|be858ef96bb42d35\LinkDate11/15/2022 17:19:05NT AUTHORITY\SYSTEM 13241300x80000000000000004797Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\touch.exe|be858ef96bb42d35\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004796Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\touch.exe|be858ef96bb42d35\LowerCaseLongPathc:\program files\git\usr\bin\touch.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004795Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\toe.exe|575b8daf3eccb5a3\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004794Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\toe.exe|575b8daf3eccb5a3\LinkDate01/29/2023 10:00:16NT AUTHORITY\SYSTEM 13241300x80000000000000004793Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\toe.exe|575b8daf3eccb5a3\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004792Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\toe.exe|575b8daf3eccb5a3\LowerCaseLongPathc:\program files\git\usr\bin\toe.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004791Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.185{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\timeout.exe|f5ffdc28654e342e\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004790Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.185{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\timeout.exe|f5ffdc28654e342e\LinkDate11/15/2022 17:19:04NT AUTHORITY\SYSTEM 13241300x80000000000000004789Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.185{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\timeout.exe|f5ffdc28654e342e\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004788Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.185{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\timeout.exe|f5ffdc28654e342e\LowerCaseLongPathc:\program files\git\usr\bin\timeout.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004787Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.185{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tig.exe|20d76728e205d2a5\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004786Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.185{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tig.exe|20d76728e205d2a5\LinkDate02/06/2023 08:52:48NT AUTHORITY\SYSTEM 13241300x80000000000000004785Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.185{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tig.exe|20d76728e205d2a5\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004784Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.185{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tig.exe|20d76728e205d2a5\LowerCaseLongPathc:\program files\git\usr\bin\tig.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004783Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.185{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tic.exe|c473b2ddd094de9a\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004782Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.185{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tic.exe|c473b2ddd094de9a\LinkDate01/29/2023 10:00:16NT AUTHORITY\SYSTEM 13241300x80000000000000004781Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.185{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tic.exe|c473b2ddd094de9a\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004780Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.185{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tic.exe|c473b2ddd094de9a\LowerCaseLongPathc:\program files\git\usr\bin\tic.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004779Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.153{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\test.exe|74f4cc67b5c7e4f\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004778Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.153{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\test.exe|74f4cc67b5c7e4f\LinkDate11/15/2022 17:19:04NT AUTHORITY\SYSTEM 13241300x80000000000000004777Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.153{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\test.exe|74f4cc67b5c7e4f\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004776Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.153{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\test.exe|74f4cc67b5c7e4f\LowerCaseLongPathc:\program files\git\usr\bin\test.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004775Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tee.exe|991299bf040bfe2d\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004774Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tee.exe|991299bf040bfe2d\LinkDate11/15/2022 17:19:04NT AUTHORITY\SYSTEM 13241300x80000000000000004773Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tee.exe|991299bf040bfe2d\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004772Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tee.exe|991299bf040bfe2d\LowerCaseLongPathc:\program files\git\usr\bin\tee.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004771Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tclsh86.exe|4994964426e57062\BinProductVersion8.6.2.12NT AUTHORITY\SYSTEM 13241300x80000000000000004770Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tclsh86.exe|4994964426e57062\LinkDate04/24/2023 06:04:47NT AUTHORITY\SYSTEM 13241300x80000000000000004769Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tclsh86.exe|4994964426e57062\Publisheractivestate corporationNT AUTHORITY\SYSTEM 13241300x80000000000000004768Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tclsh86.exe|4994964426e57062\LowerCaseLongPathc:\program files\git\mingw64\bin\tclsh86.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004767Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tclsh.exe|c680bc50ff765224\BinProductVersion8.6.2.12NT AUTHORITY\SYSTEM 13241300x80000000000000004766Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tclsh.exe|c680bc50ff765224\LinkDate04/24/2023 06:04:47NT AUTHORITY\SYSTEM 13241300x80000000000000004765Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tclsh.exe|c680bc50ff765224\Publisheractivestate corporationNT AUTHORITY\SYSTEM 13241300x80000000000000004764Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tclsh.exe|c680bc50ff765224\LowerCaseLongPathc:\program files\git\mingw64\bin\tclsh.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004763Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tar.exe|1dbed49e1ef6b70d\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004762Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tar.exe|1dbed49e1ef6b70d\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000004761Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tar.exe|1dbed49e1ef6b70d\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004760Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tar.exe|1dbed49e1ef6b70d\LowerCaseLongPathc:\program files\git\usr\bin\tar.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004759Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tail.exe|6acc971f2533f90e\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004758Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tail.exe|6acc971f2533f90e\LinkDate11/15/2022 17:19:04NT AUTHORITY\SYSTEM 13241300x80000000000000004757Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tail.exe|6acc971f2533f90e\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004756Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tail.exe|6acc971f2533f90e\LowerCaseLongPathc:\program files\git\usr\bin\tail.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004755Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tac.exe|e73e5023bd74098e\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004754Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tac.exe|e73e5023bd74098e\LinkDate11/15/2022 17:19:03NT AUTHORITY\SYSTEM 13241300x80000000000000004753Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tac.exe|e73e5023bd74098e\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004752Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tac.exe|e73e5023bd74098e\LowerCaseLongPathc:\program files\git\usr\bin\tac.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004751Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tabs.exe|743d286408f97c6a\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004750Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tabs.exe|743d286408f97c6a\LinkDate01/29/2023 10:00:16NT AUTHORITY\SYSTEM 13241300x80000000000000004749Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tabs.exe|743d286408f97c6a\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004748Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\tabs.exe|743d286408f97c6a\LowerCaseLongPathc:\program files\git\usr\bin\tabs.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004747Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sync.exe|5031e1e27bd724c8\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004746Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sync.exe|5031e1e27bd724c8\LinkDate11/15/2022 17:19:03NT AUTHORITY\SYSTEM 13241300x80000000000000004745Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sync.exe|5031e1e27bd724c8\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004744Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sync.exe|5031e1e27bd724c8\LowerCaseLongPathc:\program files\git\usr\bin\sync.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004743Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sum.exe|624682ccf5cba616\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004742Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sum.exe|624682ccf5cba616\LinkDate11/15/2022 17:19:03NT AUTHORITY\SYSTEM 13241300x80000000000000004741Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sum.exe|624682ccf5cba616\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004740Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sum.exe|624682ccf5cba616\LowerCaseLongPathc:\program files\git\usr\bin\sum.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004739Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\stty.exe|4906c606dce675\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004738Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\stty.exe|4906c606dce675\LinkDate11/15/2022 17:19:02NT AUTHORITY\SYSTEM 13241300x80000000000000004737Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\stty.exe|4906c606dce675\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004736Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\stty.exe|4906c606dce675\LowerCaseLongPathc:\program files\git\usr\bin\stty.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004735Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\strace.exe|2e71f496c5d1f2c3\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004734Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\strace.exe|2e71f496c5d1f2c3\LinkDate05/18/2023 20:44:04NT AUTHORITY\SYSTEM 13241300x80000000000000004733Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\strace.exe|2e71f496c5d1f2c3\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004732Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\strace.exe|2e71f496c5d1f2c3\LowerCaseLongPathc:\program files\git\usr\bin\strace.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004731Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\stdbuf.exe|993a8b786b346306\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004730Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\stdbuf.exe|993a8b786b346306\LinkDate11/15/2022 17:19:02NT AUTHORITY\SYSTEM 13241300x80000000000000004729Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\stdbuf.exe|993a8b786b346306\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004728Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\stdbuf.exe|993a8b786b346306\LowerCaseLongPathc:\program files\git\usr\bin\stdbuf.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004727Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\stat.exe|1f444a67c4725e6b\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004726Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\stat.exe|1f444a67c4725e6b\LinkDate11/15/2022 17:19:02NT AUTHORITY\SYSTEM 13241300x80000000000000004725Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\stat.exe|1f444a67c4725e6b\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004724Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\stat.exe|1f444a67c4725e6b\LowerCaseLongPathc:\program files\git\usr\bin\stat.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004723Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.075{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssp.exe|e0a08db5e80ffcdd\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004722Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.075{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssp.exe|e0a08db5e80ffcdd\LinkDate05/18/2023 20:44:26NT AUTHORITY\SYSTEM 13241300x80000000000000004721Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.075{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssp.exe|e0a08db5e80ffcdd\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004720Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.075{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssp.exe|e0a08db5e80ffcdd\LowerCaseLongPathc:\program files\git\usr\bin\ssp.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004719Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.075{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sshd.exe|5f6404603331db89\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004718Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.075{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sshd.exe|5f6404603331db89\LinkDate03/16/2023 10:45:42NT AUTHORITY\SYSTEM 13241300x80000000000000004717Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.075{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sshd.exe|5f6404603331db89\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004716Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.075{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\sshd.exe|5f6404603331db89\LowerCaseLongPathc:\program files\git\usr\bin\sshd.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004715Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.059{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh.exe|4c8b77151293e36e\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004714Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.059{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh.exe|4c8b77151293e36e\LinkDate03/16/2023 10:45:41NT AUTHORITY\SYSTEM 13241300x80000000000000004713Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.059{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh.exe|4c8b77151293e36e\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004712Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.059{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh.exe|4c8b77151293e36e\LowerCaseLongPathc:\program files\git\usr\bin\ssh.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004711Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.059{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-sk-helper.ex|526e238c0df646d1\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004710Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.059{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-sk-helper.ex|526e238c0df646d1\LinkDate03/16/2023 10:45:43NT AUTHORITY\SYSTEM 13241300x80000000000000004709Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.059{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-sk-helper.ex|526e238c0df646d1\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004708Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.059{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-sk-helper.ex|526e238c0df646d1\LowerCaseLongPathc:\program files\git\usr\lib\ssh\ssh-sk-helper.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004707Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.044{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-pkcs11-helpe|d67a44ebac5d5f31\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004706Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.044{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-pkcs11-helpe|d67a44ebac5d5f31\LinkDate03/16/2023 10:45:43NT AUTHORITY\SYSTEM 13241300x80000000000000004705Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.044{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-pkcs11-helpe|d67a44ebac5d5f31\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004704Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.044{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-pkcs11-helpe|d67a44ebac5d5f31\LowerCaseLongPathc:\program files\git\usr\lib\ssh\ssh-pkcs11-helper.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004703Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.044{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-pageant.exe|f558d3a8a2e8201c\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004702Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.044{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-pageant.exe|f558d3a8a2e8201c\LinkDate05/19/2023 16:13:33NT AUTHORITY\SYSTEM 13241300x80000000000000004701Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.044{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-pageant.exe|f558d3a8a2e8201c\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004700Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.044{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-pageant.exe|f558d3a8a2e8201c\LowerCaseLongPathc:\program files\git\usr\bin\ssh-pageant.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004699Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.028{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-keysign.exe|9428dc5f875b1cbe\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004698Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.028{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-keysign.exe|9428dc5f875b1cbe\LinkDate03/16/2023 10:45:42NT AUTHORITY\SYSTEM 13241300x80000000000000004697Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.028{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-keysign.exe|9428dc5f875b1cbe\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004696Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.028{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-keysign.exe|9428dc5f875b1cbe\LowerCaseLongPathc:\program files\git\usr\lib\ssh\ssh-keysign.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004695Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.028{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-keyscan.exe|54318a1f39629d66\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004694Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.028{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-keyscan.exe|54318a1f39629d66\LinkDate03/16/2023 10:45:41NT AUTHORITY\SYSTEM 13241300x80000000000000004693Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.028{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-keyscan.exe|54318a1f39629d66\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004692Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.028{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-keyscan.exe|54318a1f39629d66\LowerCaseLongPathc:\program files\git\usr\bin\ssh-keyscan.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004691Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.013{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-keygen.exe|4fd9485267bf242f\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004690Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.013{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-keygen.exe|4fd9485267bf242f\LinkDate03/16/2023 10:45:41NT AUTHORITY\SYSTEM 13241300x80000000000000004689Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.013{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-keygen.exe|4fd9485267bf242f\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004688Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.013{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-keygen.exe|4fd9485267bf242f\LowerCaseLongPathc:\program files\git\usr\bin\ssh-keygen.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004687Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:28.013{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-agent.exe|1411e9f6efc17c0f\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004686Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:28.013{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-agent.exe|1411e9f6efc17c0f\LinkDate03/16/2023 10:45:40NT AUTHORITY\SYSTEM 13241300x80000000000000004685Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:28.013{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-agent.exe|1411e9f6efc17c0f\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004684Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:28.013{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-agent.exe|1411e9f6efc17c0f\LowerCaseLongPathc:\program files\git\usr\bin\ssh-agent.exeNT AUTHORITY\SYSTEM 13241300x80000000000000004683Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:27.997{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-add.exe|52771e80916527e6\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004682Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:27.997{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-add.exe|52771e80916527e6\LinkDate03/16/2023 10:45:40NT AUTHORITY\SYSTEM 13241300x80000000000000004681Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:27.997{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-add.exe|52771e80916527e6\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000004680Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:27.997{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssh-add.exe|52771e80916527e6\LowerCaseLongPathc:\program files\git\usr\bin\ssh-add.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005225Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.982{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\x86_64-w64-mingw|e0fd3bdbf3fd7706\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000005224Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.982{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\x86_64-w64-mingw|e0fd3bdbf3fd7706\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000005223Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.982{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\x86_64-w64-mingw|e0fd3bdbf3fd7706\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000005222Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.982{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\x86_64-w64-mingw|e0fd3bdbf3fd7706\LowerCaseLongPathc:\python311\tcl\nmake\x86_64-w64-mingw32-nmakehlp.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005221Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.982{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunkmonitornoh|e59d09056446ab10\BinProductVersion10.0.10011.16384NT AUTHORITY\SYSTEM 13241300x80000000000000005220Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.982{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunkmonitornoh|e59d09056446ab10\LinkDate10/02/2019 17:37:14NT AUTHORITY\SYSTEM 13241300x80000000000000005219Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.982{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunkmonitornoh|e59d09056446ab10\Publisherwindows (r) win 7 ddk providerNT AUTHORITY\SYSTEM 13241300x80000000000000005218Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.982{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunkmonitornoh|e59d09056446ab10\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunkmonitornohandledrv.sysNT AUTHORITY\SYSTEM 13241300x80000000000000005217Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.966{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\BinProductVersion10.0.10011.16384NT AUTHORITY\SYSTEM 13241300x80000000000000005216Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.966{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\LinkDate10/02/2019 17:37:08NT AUTHORITY\SYSTEM 13241300x80000000000000005215Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.966{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\Publisherwindows (r) win 7 ddk providerNT AUTHORITY\SYSTEM 13241300x80000000000000005214Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.966{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunkdrv.sys|d26d9681615e2fde\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunkdrv.sysNT AUTHORITY\SYSTEM 13241300x80000000000000005213Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.966{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunkd.exe|97fa29633c3fe2cc\BinProductVersion2304.1280.25713.15594NT AUTHORITY\SYSTEM 13241300x80000000000000005212Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.966{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunkd.exe|97fa29633c3fe2cc\LinkDate05/26/2023 23:31:58NT AUTHORITY\SYSTEM 13241300x80000000000000005211Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.966{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunkd.exe|97fa29633c3fe2cc\Publishersplunk inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005210Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.966{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunkd.exe|97fa29633c3fe2cc\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunkd.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005209Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.888{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk.exe|a8c4bd649036a5f1\BinProductVersion2304.1280.25713.15594NT AUTHORITY\SYSTEM 13241300x80000000000000005208Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.888{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk.exe|a8c4bd649036a5f1\LinkDate05/26/2023 23:14:30NT AUTHORITY\SYSTEM 13241300x80000000000000005207Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.888{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk.exe|a8c4bd649036a5f1\Publishersplunk inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005206Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.888{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk.exe|a8c4bd649036a5f1\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005205Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.888{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-wmi.exe|fd58174ea9e370c0\BinProductVersion2304.1280.25713.15594NT AUTHORITY\SYSTEM 13241300x80000000000000005204Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.888{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-wmi.exe|fd58174ea9e370c0\LinkDate05/26/2023 23:28:45NT AUTHORITY\SYSTEM 13241300x80000000000000005203Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.888{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-wmi.exe|fd58174ea9e370c0\Publishersplunk inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005202Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.888{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-wmi.exe|fd58174ea9e370c0\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-wmi.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005201Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-winprintm|94e5804991a842aa\BinProductVersion2304.1280.25713.15594NT AUTHORITY\SYSTEM 13241300x80000000000000005200Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-winprintm|94e5804991a842aa\LinkDate05/26/2023 23:20:37NT AUTHORITY\SYSTEM 13241300x80000000000000005199Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-winprintm|94e5804991a842aa\Publishersplunk inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005198Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.841{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-winprintm|94e5804991a842aa\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-winprintmon.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005197Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.779{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-winhostin|9c2f9c50ce2f578e\BinProductVersion2304.1280.25713.15594NT AUTHORITY\SYSTEM 13241300x80000000000000005196Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.779{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-winhostin|9c2f9c50ce2f578e\LinkDate05/26/2023 23:20:18NT AUTHORITY\SYSTEM 13241300x80000000000000005195Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.779{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-winhostin|9c2f9c50ce2f578e\Publishersplunk inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005194Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.779{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-winhostin|9c2f9c50ce2f578e\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-winhostinfo.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005193Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.700{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-regmon.ex|618812230e4591fb\BinProductVersion2304.1280.25713.15594NT AUTHORITY\SYSTEM 13241300x80000000000000005192Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.700{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-regmon.ex|618812230e4591fb\LinkDate05/26/2023 23:20:00NT AUTHORITY\SYSTEM 13241300x80000000000000005191Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.700{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-regmon.ex|618812230e4591fb\Publishersplunk inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005190Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.700{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-regmon.ex|618812230e4591fb\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-regmon.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005189Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-powershel|2c084771581f2247\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000005188Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-powershel|2c084771581f2247\LinkDate05/26/2023 23:20:07NT AUTHORITY\SYSTEM 13241300x80000000000000005187Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-powershel|2c084771581f2247\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000005186Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.622{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-powershel|2c084771581f2247\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-powershell.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005185Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.591{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-perfmon.e|5179a15d38015aca\BinProductVersion2304.1280.25713.15594NT AUTHORITY\SYSTEM 13241300x80000000000000005184Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.591{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-perfmon.e|5179a15d38015aca\LinkDate05/26/2023 23:20:02NT AUTHORITY\SYSTEM 13241300x80000000000000005183Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.591{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-perfmon.e|5179a15d38015aca\Publishersplunk inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005182Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.591{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-perfmon.e|5179a15d38015aca\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-perfmon.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005181Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-netmon.ex|1a876d8838ded3dd\BinProductVersion2304.1280.25713.15594NT AUTHORITY\SYSTEM 13241300x80000000000000005180Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-netmon.ex|1a876d8838ded3dd\LinkDate05/26/2023 23:20:24NT AUTHORITY\SYSTEM 13241300x80000000000000005179Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-netmon.ex|1a876d8838ded3dd\Publishersplunk inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005178Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.544{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-netmon.ex|1a876d8838ded3dd\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-netmon.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005177Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-monitorno|903ef6eeb885a45b\BinProductVersion10.0.10011.16384NT AUTHORITY\SYSTEM 13241300x80000000000000005176Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-monitorno|903ef6eeb885a45b\LinkDate05/26/2023 23:20:22NT AUTHORITY\SYSTEM 13241300x80000000000000005175Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-monitorno|903ef6eeb885a45b\Publisherwindows (r) win 7 ddk providerNT AUTHORITY\SYSTEM 13241300x80000000000000005174Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.497{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-monitorno|903ef6eeb885a45b\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-monitornohandle.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005173Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.450{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-compresst|40738d14a4b5ef86\BinProductVersion2304.1280.25713.15594NT AUTHORITY\SYSTEM 13241300x80000000000000005172Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.450{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-compresst|40738d14a4b5ef86\LinkDate05/26/2023 23:14:30NT AUTHORITY\SYSTEM 13241300x80000000000000005171Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.450{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-compresst|40738d14a4b5ef86\Publishersplunk inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005170Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.450{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-compresst|40738d14a4b5ef86\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-compresstool.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005169Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.450{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-admon.exe|eab473bd2c77f301\BinProductVersion2304.1280.25713.15594NT AUTHORITY\SYSTEM 13241300x80000000000000005168Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.450{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-admon.exe|eab473bd2c77f301\LinkDate05/26/2023 23:20:14NT AUTHORITY\SYSTEM 13241300x80000000000000005167Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.450{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-admon.exe|eab473bd2c77f301\Publishersplunk inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005166Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.450{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splunk-admon.exe|eab473bd2c77f301\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splunk-admon.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005165Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.404{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\BinProductVersion10.0.10011.16384NT AUTHORITY\SYSTEM 13241300x80000000000000005164Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.404{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\LinkDate09/27/2019 18:25:44NT AUTHORITY\SYSTEM 13241300x80000000000000005163Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.404{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\Publisherwindows (r) win 7 ddk providerNT AUTHORITY\SYSTEM 13241300x80000000000000005162Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.404{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\splknetdrv.sys|9d837bc7abc517f\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\splknetdrv.sysNT AUTHORITY\SYSTEM 13241300x80000000000000005161Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.404{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\openssl.exe|fe2747d40e70e115\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000005160Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.404{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\openssl.exe|fe2747d40e70e115\LinkDate05/16/2023 00:09:00NT AUTHORITY\SYSTEM 13241300x80000000000000005159Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.404{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\openssl.exe|fe2747d40e70e115\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000005158Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.404{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\openssl.exe|fe2747d40e70e115\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\openssl.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005157Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.388{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\classify.exe|c62b2c99ddbdcd65\BinProductVersion2304.1280.25713.15594NT AUTHORITY\SYSTEM 13241300x80000000000000005156Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.388{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\classify.exe|c62b2c99ddbdcd65\LinkDate05/26/2023 23:14:11NT AUTHORITY\SYSTEM 13241300x80000000000000005155Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.388{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\classify.exe|c62b2c99ddbdcd65\Publishersplunk inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005154Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.388{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\classify.exe|c62b2c99ddbdcd65\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\classify.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005153Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.388{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\btprobe.exe|ca8341d242e7a488\BinProductVersion2304.1280.25713.15594NT AUTHORITY\SYSTEM 13241300x80000000000000005152Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.388{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\btprobe.exe|ca8341d242e7a488\LinkDate05/26/2023 23:14:07NT AUTHORITY\SYSTEM 13241300x80000000000000005151Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.388{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\btprobe.exe|ca8341d242e7a488\Publishersplunk inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005150Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.388{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\btprobe.exe|ca8341d242e7a488\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\btprobe.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005149Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.372{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\btool.exe|4e68b21196df7ca2\BinProductVersion2304.1280.25713.15594NT AUTHORITY\SYSTEM 13241300x80000000000000005148Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.372{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\btool.exe|4e68b21196df7ca2\LinkDate05/26/2023 23:14:08NT AUTHORITY\SYSTEM 13241300x80000000000000005147Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.372{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\btool.exe|4e68b21196df7ca2\Publishersplunk inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005146Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.372{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\btool.exe|4e68b21196df7ca2\LowerCaseLongPathc:\program files\splunkuniversalforwarder\bin\btool.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005145Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.372{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\uninstall.exe|987e0404a196a19e\BinProductVersion23.1.0.0NT AUTHORITY\SYSTEM 13241300x80000000000000005144Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.372{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\uninstall.exe|987e0404a196a19e\LinkDate06/20/2023 07:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000005143Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.372{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\uninstall.exe|987e0404a196a19e\Publisherigor pavlovNT AUTHORITY\SYSTEM 13241300x80000000000000005142Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.372{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\uninstall.exe|987e0404a196a19e\LowerCaseLongPathc:\program files\7-zip\uninstall.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005141Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.372{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\7zg.exe|66a2193c8967c10d\BinProductVersion23.1.0.0NT AUTHORITY\SYSTEM 13241300x80000000000000005140Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.372{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\7zg.exe|66a2193c8967c10d\LinkDate06/20/2023 08:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000005139Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.372{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\7zg.exe|66a2193c8967c10d\Publisherigor pavlovNT AUTHORITY\SYSTEM 13241300x80000000000000005138Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.372{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\7zg.exe|66a2193c8967c10d\LowerCaseLongPathc:\program files\7-zip\7zg.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005137Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\7zfm.exe|56d287950815a745\BinProductVersion23.1.0.0NT AUTHORITY\SYSTEM 13241300x80000000000000005136Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\7zfm.exe|56d287950815a745\LinkDate06/20/2023 08:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000005135Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\7zfm.exe|56d287950815a745\Publisherigor pavlovNT AUTHORITY\SYSTEM 13241300x80000000000000005134Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.341{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\7zfm.exe|56d287950815a745\LowerCaseLongPathc:\program files\7-zip\7zfm.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005133Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\7z.exe|afe683e0fa522625\BinProductVersion23.1.0.0NT AUTHORITY\SYSTEM 13241300x80000000000000005132Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\7z.exe|afe683e0fa522625\LinkDate06/20/2023 08:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000005131Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\7z.exe|afe683e0fa522625\Publisherigor pavlovNT AUTHORITY\SYSTEM 13241300x80000000000000005130Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.325{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\7z.exe|afe683e0fa522625\LowerCaseLongPathc:\program files\7-zip\7z.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005129Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\uninstall.exe|bd4762a4deb0ebdc\BinProductVersion8.5.4.0NT AUTHORITY\SYSTEM 13241300x80000000000000005128Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\uninstall.exe|bd4762a4deb0ebdc\LinkDate09/25/2021 21:56:47NT AUTHORITY\SYSTEM 13241300x80000000000000005127Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\uninstall.exe|bd4762a4deb0ebdc\Publisherdon ho don.h@free.frNT AUTHORITY\SYSTEM 13241300x80000000000000005126Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\uninstall.exe|bd4762a4deb0ebdc\LowerCaseLongPathc:\program files\notepad++\uninstall.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005125Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gup.exe|eaab466dc417ed01\BinProductVersion5.2.5.0NT AUTHORITY\SYSTEM 13241300x80000000000000005124Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gup.exe|eaab466dc417ed01\LinkDate02/26/2023 23:09:17NT AUTHORITY\SYSTEM 13241300x80000000000000005123Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gup.exe|eaab466dc417ed01\Publisherdon ho don.h@free.frNT AUTHORITY\SYSTEM 13241300x80000000000000005122Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\gup.exe|eaab466dc417ed01\LowerCaseLongPathc:\program files\notepad++\updater\gup.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005121Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.216{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\vc_redist.x86.ex|7db4d0f4b693bd4c\BinProductVersion14.36.32532.0NT AUTHORITY\SYSTEM 13241300x80000000000000005120Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.216{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\vc_redist.x86.ex|7db4d0f4b693bd4c\LinkDate11/18/2017 21:37:28NT AUTHORITY\SYSTEM 13241300x80000000000000005119Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.216{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\vc_redist.x86.ex|7db4d0f4b693bd4c\Publishermicrosoft corporationNT AUTHORITY\SYSTEM 13241300x80000000000000005118Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.216{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\vc_redist.x86.ex|7db4d0f4b693bd4c\LowerCaseLongPathc:\programdata\package cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\vc_redist.x86.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005117Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.216{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pythonw.exe|2bdac39d11277034\BinProductVersion3.11.4150.1013NT AUTHORITY\SYSTEM 13241300x80000000000000005116Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.216{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pythonw.exe|2bdac39d11277034\LinkDate06/07/2023 05:47:31NT AUTHORITY\SYSTEM 13241300x80000000000000005115Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.216{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pythonw.exe|2bdac39d11277034\Publisherpython software foundationNT AUTHORITY\SYSTEM 13241300x80000000000000005114Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.216{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\pythonw.exe|2bdac39d11277034\LowerCaseLongPathc:\python311\lib\venv\scripts\nt\pythonw.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005113Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\python.exe|777676b3edccfc94\BinProductVersion3.11.4150.1013NT AUTHORITY\SYSTEM 13241300x80000000000000005112Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\python.exe|777676b3edccfc94\LinkDate06/07/2023 05:47:25NT AUTHORITY\SYSTEM 13241300x80000000000000005111Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\python.exe|777676b3edccfc94\Publisherpython software foundationNT AUTHORITY\SYSTEM 13241300x80000000000000005110Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\python.exe|777676b3edccfc94\LowerCaseLongPathc:\python311\lib\venv\scripts\nt\python.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005109Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\python-3.11.4-am|59b8a43977e6c80b\BinProductVersion3.11.4150.0NT AUTHORITY\SYSTEM 13241300x80000000000000005108Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\python-3.11.4-am|59b8a43977e6c80b\LinkDate09/22/2021 15:58:18NT AUTHORITY\SYSTEM 13241300x80000000000000005107Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\python-3.11.4-am|59b8a43977e6c80b\Publisherpython software foundationNT AUTHORITY\SYSTEM 13241300x80000000000000005106Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.200{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\python-3.11.4-am|59b8a43977e6c80b\LowerCaseLongPathc:\users\administrator\appdata\local\package cache\{3d45edf4-44bb-483f-9e08-43c38c81e118}\python-3.11.4-amd64.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005105Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.169{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\wcchromenativeme|cb26eca9d751823\BinProductVersion23.1.20174.0NT AUTHORITY\SYSTEM 13241300x80000000000000005104Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.169{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\wcchromenativeme|cb26eca9d751823\LinkDate05/04/2023 18:30:15NT AUTHORITY\SYSTEM 13241300x80000000000000005103Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.169{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\wcchromenativeme|cb26eca9d751823\Publisheradobe systems inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005102Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.169{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\wcchromenativeme|cb26eca9d751823\LowerCaseLongPathc:\program files\adobe\acrobat dc\acrobat\browser\wcchromeextn\wcchromenativemessaginghost.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005101Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.169{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\singleclientserv|7f996c5d9de00feb\BinProductVersion23.3.20215.0NT AUTHORITY\SYSTEM 13241300x80000000000000005100Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.169{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\singleclientserv|7f996c5d9de00feb\LinkDate06/14/2023 18:16:41NT AUTHORITY\SYSTEM 13241300x80000000000000005099Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.169{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\singleclientserv|7f996c5d9de00feb\Publisheradobe systems incorporatedNT AUTHORITY\SYSTEM 13241300x80000000000000005098Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.169{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\singleclientserv|7f996c5d9de00feb\LowerCaseLongPathc:\program files\adobe\acrobat dc\acrobat\acrocef\singleclientservicesupdater.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005306Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:30.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\amazonssmagentse|79c508babf71be72\BinProductVersion3.1.2144.0NT AUTHORITY\SYSTEM 13241300x80000000000000005305Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:30.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\amazonssmagentse|79c508babf71be72\LinkDate05/01/2017 14:33:52NT AUTHORITY\SYSTEM 13241300x80000000000000005304Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:30.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\amazonssmagentse|79c508babf71be72\Publisheramazon web servicesNT AUTHORITY\SYSTEM 13241300x80000000000000005303Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:30.247{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\amazonssmagentse|79c508babf71be72\LowerCaseLongPathc:\programdata\package cache\{9b366a99-66ba-4da5-a01d-d57836b0eeb6}\amazonssmagentsetup.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005302Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:30.232{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssm-agent-worker|7d818f178f6c8fa8\BinProductVersion(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000005301Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:30.232{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssm-agent-worker|7d818f178f6c8fa8\LinkDate01/01/1970 00:00:00NT AUTHORITY\SYSTEM 13241300x80000000000000005300Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:30.232{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssm-agent-worker|7d818f178f6c8fa8\Publisher(Empty)NT AUTHORITY\SYSTEM 13241300x80000000000000005299Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:30.232{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\ssm-agent-worker|7d818f178f6c8fa8\LowerCaseLongPathc:\program files\amazon\ssm\ssm-agent-worker.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005298Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:30.169{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\aws-cfn-bootstra|157d4bc63f4303cf\BinProductVersion2.0.25.0NT AUTHORITY\SYSTEM 13241300x80000000000000005297Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:30.169{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\aws-cfn-bootstra|157d4bc63f4303cf\LinkDate09/17/2019 05:33:38NT AUTHORITY\SYSTEM 13241300x80000000000000005296Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:30.169{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\aws-cfn-bootstra|157d4bc63f4303cf\Publisheramazon web servicesNT AUTHORITY\SYSTEM 13241300x80000000000000005295Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:30.169{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\aws-cfn-bootstra|157d4bc63f4303cf\LowerCaseLongPathc:\programdata\package cache\{93dd4cf7-f6ef-4e2e-ad61-fe475e9f9f7a}\aws-cfn-bootstrap-bundle.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005294Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:30.154{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\vc_redist.x64.ex|1dfb9d9432e1ab0e\BinProductVersion14.36.32532.0NT AUTHORITY\SYSTEM 13241300x80000000000000005293Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:30.154{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\vc_redist.x64.ex|1dfb9d9432e1ab0e\LinkDate11/18/2017 21:37:28NT AUTHORITY\SYSTEM 13241300x80000000000000005292Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:30.154{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\vc_redist.x64.ex|1dfb9d9432e1ab0e\Publishermicrosoft corporationNT AUTHORITY\SYSTEM 13241300x80000000000000005291Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:30.154{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\vc_redist.x64.ex|1dfb9d9432e1ab0e\LowerCaseLongPathc:\programdata\package cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\vc_redist.x64.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005290Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:30.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\uninstall.exe|c3a2a248a1867c34\BinProductVersion1.0.0.0NT AUTHORITY\SYSTEM 13241300x80000000000000005289Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:30.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\uninstall.exe|c3a2a248a1867c34\LinkDate07/24/2021 22:21:04NT AUTHORITY\SYSTEM 13241300x80000000000000005288Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:30.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\uninstall.exe|c3a2a248a1867c34\Publishermozilla corporationNT AUTHORITY\SYSTEM 13241300x80000000000000005287Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:30.138{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\uninstall.exe|c3a2a248a1867c34\LowerCaseLongPathc:\program files (x86)\mozilla maintenance service\uninstall.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005286Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:30.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\maintenanceservi|f537de1e8599ad9d\BinProductVersion115.0.0.8580NT AUTHORITY\SYSTEM 13241300x80000000000000005285Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:30.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\maintenanceservi|f537de1e8599ad9d\LinkDate06/29/2023 15:25:12NT AUTHORITY\SYSTEM 13241300x80000000000000005284Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:30.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\maintenanceservi|f537de1e8599ad9d\Publishermozilla foundationNT AUTHORITY\SYSTEM 13241300x80000000000000005283Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:30.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\maintenanceservi|f537de1e8599ad9d\LowerCaseLongPathc:\program files (x86)\mozilla maintenance service\maintenanceservice.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005282Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:30.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xenvif.sys|cb31ee26ddd80e14\BinProductVersion8.2.9.8NT AUTHORITY\SYSTEM 13241300x80000000000000005281Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:30.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xenvif.sys|cb31ee26ddd80e14\LinkDate07/08/2020 18:42:42NT AUTHORITY\SYSTEM 13241300x80000000000000005280Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:30.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xenvif.sys|cb31ee26ddd80e14\Publisheramazon inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005279Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:30.122{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xenvif.sys|cb31ee26ddd80e14\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenvif\xenvif.sysNT AUTHORITY\SYSTEM 13241300x80000000000000005278Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:30.107{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xenvbd.sys|1569d4886cd76c31\BinProductVersion8.4.1.6NT AUTHORITY\SYSTEM 13241300x80000000000000005277Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:30.107{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xenvbd.sys|1569d4886cd76c31\LinkDate02/18/2022 01:28:57NT AUTHORITY\SYSTEM 13241300x80000000000000005276Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:30.107{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xenvbd.sys|1569d4886cd76c31\Publisheramazon inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005275Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:30.107{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xenvbd.sys|1569d4886cd76c31\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenvbd\xenvbd.sysNT AUTHORITY\SYSTEM 13241300x80000000000000005274Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:30.107{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xennet.sys|b6a1491527cb2a5f\BinProductVersion8.2.5.32NT AUTHORITY\SYSTEM 13241300x80000000000000005273Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:30.107{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xennet.sys|b6a1491527cb2a5f\LinkDate11/19/2018 22:01:56NT AUTHORITY\SYSTEM 13241300x80000000000000005272Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:30.107{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xennet.sys|b6a1491527cb2a5f\Publisheramazon inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005271Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:30.107{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xennet.sys|b6a1491527cb2a5f\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xennet\xennet.sysNT AUTHORITY\SYSTEM 13241300x80000000000000005270Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:30.107{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xeniface.sys|79e991f7eda45e8b\BinProductVersion8.2.7.5NT AUTHORITY\SYSTEM 13241300x80000000000000005269Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:30.107{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xeniface.sys|79e991f7eda45e8b\LinkDate12/16/2019 19:58:01NT AUTHORITY\SYSTEM 13241300x80000000000000005268Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:30.107{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xeniface.sys|79e991f7eda45e8b\Publisheramazon inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005267Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:30.107{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xeniface.sys|79e991f7eda45e8b\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xeniface\xeniface.sysNT AUTHORITY\SYSTEM 13241300x80000000000000005266Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:30.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xenfilt.sys|5ed52abf02907bc4\BinProductVersion8.3.0.7NT AUTHORITY\SYSTEM 13241300x80000000000000005265Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:30.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xenfilt.sys|5ed52abf02907bc4\LinkDate02/12/2021 02:15:56NT AUTHORITY\SYSTEM 13241300x80000000000000005264Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:30.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xenfilt.sys|5ed52abf02907bc4\Publisheramazon inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005263Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:30.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xenfilt.sys|5ed52abf02907bc4\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenbus\xenfilt.sysNT AUTHORITY\SYSTEM 13241300x80000000000000005262Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:30.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xencrsh.sys|b42c374052fc1b77\BinProductVersion8.4.1.6NT AUTHORITY\SYSTEM 13241300x80000000000000005261Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:30.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xencrsh.sys|b42c374052fc1b77\LinkDate02/18/2022 01:28:46NT AUTHORITY\SYSTEM 13241300x80000000000000005260Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:30.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xencrsh.sys|b42c374052fc1b77\Publisheramazon inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005259Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:30.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xencrsh.sys|b42c374052fc1b77\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenvbd\xencrsh.sysNT AUTHORITY\SYSTEM 13241300x80000000000000005258Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:30.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xenbus.sys|e7523a385fe94ef1\BinProductVersion8.3.0.7NT AUTHORITY\SYSTEM 13241300x80000000000000005257Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:30.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xenbus.sys|e7523a385fe94ef1\LinkDate02/12/2021 02:15:52NT AUTHORITY\SYSTEM 13241300x80000000000000005256Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:30.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xenbus.sys|e7523a385fe94ef1\Publisheramazon inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005255Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:30.091{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xenbus.sys|e7523a385fe94ef1\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenbus\xenbus.sysNT AUTHORITY\SYSTEM 13241300x80000000000000005254Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:30.076{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xen.sys|67bb7edc45be100\BinProductVersion8.3.0.7NT AUTHORITY\SYSTEM 13241300x80000000000000005253Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:30.076{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xen.sys|67bb7edc45be100\LinkDate02/12/2021 02:15:39NT AUTHORITY\SYSTEM 13241300x80000000000000005252Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:30.076{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xen.sys|67bb7edc45be100\Publisheramazon inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005251Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:30.076{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\xen.sys|67bb7edc45be100\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenbus\xen.sysNT AUTHORITY\SYSTEM 13241300x80000000000000005250Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:30.076{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\liteagent.exe|9ddbd66af55387\BinProductVersion8.2.7.5NT AUTHORITY\SYSTEM 13241300x80000000000000005249Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:30.076{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\liteagent.exe|9ddbd66af55387\LinkDate12/16/2019 19:58:07NT AUTHORITY\SYSTEM 13241300x80000000000000005248Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:30.076{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\liteagent.exe|9ddbd66af55387\Publisheramazon inc.NT AUTHORITY\SYSTEM 13241300x80000000000000005247Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:30.076{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\liteagent.exe|9ddbd66af55387\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xeniface\liteagent.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005246Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:30.060{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dpinst.exe|e98c683d63883b7\BinProductVersion2.1.0.0NT AUTHORITY\SYSTEM 13241300x80000000000000005245Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:30.060{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dpinst.exe|e98c683d63883b7\LinkDate05/23/2009 10:37:17NT AUTHORITY\SYSTEM 13241300x80000000000000005244Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:30.060{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dpinst.exe|e98c683d63883b7\Publishermicrosoft corporationNT AUTHORITY\SYSTEM 13241300x80000000000000005243Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:30.060{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dpinst.exe|e98c683d63883b7\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenvif\dpinst.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005242Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:30.060{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dpinst.exe|d085d8f0649b17ca\BinProductVersion2.1.0.0NT AUTHORITY\SYSTEM 13241300x80000000000000005241Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:30.060{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dpinst.exe|d085d8f0649b17ca\LinkDate05/23/2009 10:37:17NT AUTHORITY\SYSTEM 13241300x80000000000000005240Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:30.060{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dpinst.exe|d085d8f0649b17ca\Publishermicrosoft corporationNT AUTHORITY\SYSTEM 13241300x80000000000000005239Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:30.060{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dpinst.exe|d085d8f0649b17ca\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xennet\dpinst.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005238Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:30.044{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dpinst.exe|c91633581a81cffd\BinProductVersion2.1.0.0NT AUTHORITY\SYSTEM 13241300x80000000000000005237Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:30.044{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dpinst.exe|c91633581a81cffd\LinkDate05/23/2009 10:37:17NT AUTHORITY\SYSTEM 13241300x80000000000000005236Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:30.044{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dpinst.exe|c91633581a81cffd\Publishermicrosoft corporationNT AUTHORITY\SYSTEM 13241300x80000000000000005235Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:30.044{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dpinst.exe|c91633581a81cffd\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenbus\dpinst.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005234Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:30.029{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dpinst.exe|40221a38c568eb82\BinProductVersion2.1.0.0NT AUTHORITY\SYSTEM 13241300x80000000000000005233Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:30.029{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dpinst.exe|40221a38c568eb82\LinkDate05/23/2009 10:37:17NT AUTHORITY\SYSTEM 13241300x80000000000000005232Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:30.029{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dpinst.exe|40221a38c568eb82\Publishermicrosoft corporationNT AUTHORITY\SYSTEM 13241300x80000000000000005231Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:30.029{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dpinst.exe|40221a38c568eb82\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xenvbd\dpinst.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005230Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-VerSetValue2023-07-10 08:29:29.997{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dpinst.exe|1e846670f76471a8\BinProductVersion2.1.0.0NT AUTHORITY\SYSTEM 13241300x80000000000000005229Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-CompileTimeClaimSetValue2023-07-10 08:29:29.997{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dpinst.exe|1e846670f76471a8\LinkDate05/23/2009 10:37:17NT AUTHORITY\SYSTEM 13241300x80000000000000005228Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PubSetValue2023-07-10 08:29:29.997{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dpinst.exe|1e846670f76471a8\Publishermicrosoft corporationNT AUTHORITY\SYSTEM 13241300x80000000000000005227Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localInvDB-PathSetValue2023-07-10 08:29:29.997{08CB57FB-C160-64AB-C600-00000000FA02}1060C:\Windows\system32\CompatTelRunner.exe\REGISTRY\A\{89d3a5c1-c5f9-69c4-f191-a9eec03717a1}\Root\InventoryApplicationFile\dpinst.exe|1e846670f76471a8\LowerCaseLongPathc:\program files\amazon\xentools\.drivers\xeniface\dpinst.exeNT AUTHORITY\SYSTEM 154100x80000000000000005226Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:29:30.004{08CB57FB-C16A-64AB-C900-00000000FA02}2548C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005309Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:29:31.827{08CB57FB-C16B-64AB-CF00-00000000FA02}2892C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005308Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:29:31.331{08CB57FB-C16B-64AB-CD00-00000000FA02}2648C:\Windows\System32\mcbuilder.exe10.0.14393.3659 (rs1_release_1.200410-1813)Resource cache builder toolMicrosoft® Windows® Operating SystemMicrosoft Corporationmcbuilder.exeC:\Windows\system32\mcbuilder.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=7D98FCF7C13D3E0C5D341907161B2DA8,SHA256=A6AC534E69E316145CB54B31D0D9DE4ADDDD471D790FB031C85D3F3EF61AAA8F,IMPHASH=CBAA66CFE978723C5B1CD0A8F75D7629{08CB57FB-C16B-64AB-CB00-00000000FA02}2248C:\Windows\System32\lpremove.exe"C:\Windows\system32\lpremove.exe"NT AUTHORITY\SYSTEM 154100x80000000000000005307Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:29:31.077{08CB57FB-C16B-64AB-CA00-00000000FA02}2884C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004632Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:29:44.185{4E8F5BFB-C178-64AB-CA00-00000000F902}3640C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004633Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:29:46.030{4E8F5BFB-C17A-64AB-CB00-00000000F902}3364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004634Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:29:47.405{4E8F5BFB-C17B-64AB-CC00-00000000F902}776C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004635Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:29:48.171{4E8F5BFB-C17C-64AB-CD00-00000000F902}2400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004636Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:29:49.406{4E8F5BFB-C17D-64AB-CE00-00000000F902}912C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005310Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:30:26.327{08CB57FB-C1A2-64AB-D100-00000000FA02}2728C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005311Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:30:28.246{08CB57FB-C1A4-64AB-D200-00000000FA02}1028C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005312Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:30:29.947{08CB57FB-C1A5-64AB-D300-00000000FA02}1708C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005314Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:30:31.773{08CB57FB-C1A7-64AB-D500-00000000FA02}1276C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005313Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:30:31.024{08CB57FB-C1A7-64AB-D400-00000000FA02}1008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004637Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:30:44.207{4E8F5BFB-C1B4-64AB-CF00-00000000F902}3004C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004638Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:30:46.067{4E8F5BFB-C1B6-64AB-D000-00000000F902}3888C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004639Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:30:47.334{4E8F5BFB-C1B7-64AB-D100-00000000F902}1700C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004640Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:30:48.084{4E8F5BFB-C1B8-64AB-D200-00000000F902}80C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004641Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:30:49.428{4E8F5BFB-C1B9-64AB-D300-00000000F902}3036C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 354300x80000000000000005315Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localRDP2023-07-10 08:30:46.736{08CB57FB-BF05-64AB-0F00-00000000FA02}884C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse212.187.221.42-50819-false10.0.1.15ar-win-2.attackrange.local3389ms-wbt-server 154100x80000000000000005318Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:30:51.574{08CB57FB-C1BB-64AB-D800-00000000FA02}1108C:\Windows\System32\winlogon.exe10.0.14393.3204 (rs1_release.190830-1500)Windows Logon ApplicationMicrosoft® Windows® Operating SystemMicrosoft CorporationWINLOGON.EXEwinlogon.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e72SystemMD5=DEA4CE12F24601830083126E18A2C7C9,SHA256=F002F8C2EA49D21F242996E3D57F5FDD7995FE6DB524BB69BBD7F190CC0211A9,IMPHASH=3CF10D94C117DB4F6E9D523B93429D6D{08CB57FB-C1BB-64AB-D600-00000000FA02}2696C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000110 0000007c NT AUTHORITY\SYSTEM 154100x80000000000000005317Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:30:51.546{08CB57FB-C1BB-64AB-D700-00000000FA02}1172C:\Windows\System32\csrss.exe10.0.14393.2969 (rs1_release.190503-1820)Client Server Runtime ProcessMicrosoft® Windows® Operating SystemMicrosoft CorporationCSRSS.Exe%%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e72SystemMD5=955E9227AA30A08B7465C109B863B886,SHA256=D896480BC8523FAD3AE152C81A2B572022C3778A34A6D85E089D150A68E9165E,IMPHASH=273BC9D936389D79244E6E56BE5096B6{08CB57FB-C1BB-64AB-D600-00000000FA02}2696C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 00000110 0000007c NT AUTHORITY\SYSTEM 154100x80000000000000005316Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:30:51.540{08CB57FB-C1BB-64AB-D600-00000000FA02}2696C:\Windows\System32\smss.exe10.0.14393.2969 (rs1_release.190503-1820)Windows Session ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationsmss.exe\SystemRoot\System32\smss.exe 00000110 0000007c C:\Windows\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e72SystemMD5=725EC50D4B0F607BF5B45B5E0115770B,SHA256=56881BCAEAC350107A6453F38F020FE0E284DBE2E8A6F37ED482985E0DD98EA7,IMPHASH=09DDECA5943933973FE7DDDD24ED724A{08CB57FB-BF03-64AB-0200-00000000FA02}280C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exeNT AUTHORITY\SYSTEM 154100x80000000000000005320Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:30:52.163{08CB57FB-C1BC-64AB-DA00-00000000FA02}1008C:\Windows\System32\dwm.exe10.0.14393.0 (rs1_release.160715-1616)Desktop Window ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationdwm.exe"dwm.exe"C:\Windows\system32\Window Manager\DWM-2{08CB57FB-C1BC-64AB-295B-070000000000}0x75b292SystemMD5=C89F159A577F19F7F03C73C98D29D841,SHA256=B3E37997C1C62DD90D69EF83D6A6FC782BF9A5B8AD04A0D1528A8B7FA31AA408,IMPHASH=DDB7DE3741333EE031929A760FCD4542{08CB57FB-C1BB-64AB-D800-00000000FA02}1108C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x80000000000000005319Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:30:52.101{08CB57FB-C1BC-64AB-D900-00000000FA02}3036C:\Windows\System32\LogonUI.exe10.0.14393.0 (rs1_release.160715-1616)Windows Logon User Interface HostMicrosoft® Windows® Operating SystemMicrosoft Corporationlogonui.exe"LogonUI.exe" /flags:0x2 /state0:0xa3a5d855 /state1:0x41c64e6dC:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e72SystemMD5=B38DFCF985D8AE5B1A17C264981E61C7,SHA256=AA62D29803D52EC06CD27ED3124E034048F09606EB7342181913C9817C7B44C5,IMPHASH=A6F3A84D171E55B51A7343E05C8DFAC3{08CB57FB-C1BB-64AB-D800-00000000FA02}1108C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 154100x80000000000000005336Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:30:53.768{08CB57FB-C1BD-64AB-E700-00000000FA02}3608C:\Windows\explorer.exe10.0.14393.5648 (rs1_release.230105-1654)Windows ExplorerMicrosoft® Windows® Operating SystemMicrosoft CorporationEXPLORER.EXEC:\Windows\Explorer.EXEC:\Windows\system32\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=8F7BA5D66FBAB4AEB6075DBE6BE41A84,SHA256=E6F7E06CB3A4CA1B73DD708F2DA6AB86E5AC4BAAB1C26A98AC29EACBC869A28E,IMPHASH=8D2880102609AA4B23679BD4FEBEBC95{08CB57FB-C1BD-64AB-E600-00000000FA02}3584C:\Windows\System32\userinit.exeC:\Windows\system32\userinit.exeAR-WIN-2\Administrator 154100x80000000000000005335Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:30:53.747{08CB57FB-C1BD-64AB-E600-00000000FA02}3584C:\Windows\System32\userinit.exe10.0.14393.0 (rs1_release.160715-1616)Userinit Logon ApplicationMicrosoft® Windows® Operating SystemMicrosoft CorporationUSERINIT.EXEC:\Windows\system32\userinit.exeC:\Windows\system32\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=C1B1FFC800BE2F31EB2CF8CB40629C69,SHA256=CFC6A18FC8FE7447ECD491345A32F0F10208F114B70A0E9D1CD72F6070D5B36F,IMPHASH=BFA137B16F3492AFCA0551687B067C04{08CB57FB-C1BB-64AB-D800-00000000FA02}1108C:\Windows\System32\winlogon.exewinlogon.exeNT AUTHORITY\SYSTEM 13241300x80000000000000005334Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1031,T1050SetValue2023-07-10 08:30:53.500{08CB57FB-BF04-64AB-0A00-00000000FA02}572C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\WpnUserService_7b877\ImagePathC:\Windows\system32\svchost.exe -k UnistackSvcGroupNT AUTHORITY\SYSTEM 13241300x80000000000000005333Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1031,T1050SetValue2023-07-10 08:30:53.500{08CB57FB-BF04-64AB-0A00-00000000FA02}572C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\WpnUserService_7b877\StartDWORD (0x00000003)NT AUTHORITY\SYSTEM 13241300x80000000000000005332Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1031,T1050SetValue2023-07-10 08:30:53.500{08CB57FB-BF04-64AB-0A00-00000000FA02}572C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\UserDataSvc_7b877\ImagePathC:\Windows\system32\svchost.exe -k UnistackSvcGroupNT AUTHORITY\SYSTEM 13241300x80000000000000005331Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1031,T1050SetValue2023-07-10 08:30:53.500{08CB57FB-BF04-64AB-0A00-00000000FA02}572C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\UserDataSvc_7b877\StartDWORD (0x00000003)NT AUTHORITY\SYSTEM 13241300x80000000000000005330Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1031,T1050SetValue2023-07-10 08:30:53.500{08CB57FB-BF04-64AB-0A00-00000000FA02}572C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\UnistoreSvc_7b877\ImagePathC:\Windows\System32\svchost.exe -k UnistackSvcGroupNT AUTHORITY\SYSTEM 13241300x80000000000000005329Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1031,T1050SetValue2023-07-10 08:30:53.500{08CB57FB-BF04-64AB-0A00-00000000FA02}572C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\UnistoreSvc_7b877\StartDWORD (0x00000003)NT AUTHORITY\SYSTEM 13241300x80000000000000005328Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1031,T1050SetValue2023-07-10 08:30:53.500{08CB57FB-BF04-64AB-0A00-00000000FA02}572C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc_7b877\ImagePathC:\Windows\system32\svchost.exe -k UnistackSvcGroupNT AUTHORITY\SYSTEM 13241300x80000000000000005327Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1031,T1050SetValue2023-07-10 08:30:53.500{08CB57FB-BF04-64AB-0A00-00000000FA02}572C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc_7b877\StartDWORD (0x00000003)NT AUTHORITY\SYSTEM 13241300x80000000000000005326Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1031,T1050SetValue2023-07-10 08:30:53.500{08CB57FB-BF04-64AB-0A00-00000000FA02}572C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\OneSyncSvc_7b877\ImagePathC:\Windows\system32\svchost.exe -k UnistackSvcGroupNT AUTHORITY\SYSTEM 13241300x80000000000000005325Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1031,T1050SetValue2023-07-10 08:30:53.500{08CB57FB-BF04-64AB-0A00-00000000FA02}572C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\OneSyncSvc_7b877\StartDWORD (0x00000002)NT AUTHORITY\SYSTEM 13241300x80000000000000005324Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1031,T1050SetValue2023-07-10 08:30:53.500{08CB57FB-BF04-64AB-0A00-00000000FA02}572C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\CDPUserSvc_7b877\ImagePathC:\Windows\system32\svchost.exe -k UnistackSvcGroupNT AUTHORITY\SYSTEM 13241300x80000000000000005323Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1031,T1050SetValue2023-07-10 08:30:53.500{08CB57FB-BF04-64AB-0A00-00000000FA02}572C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\CDPUserSvc_7b877\StartDWORD (0x00000002)NT AUTHORITY\SYSTEM 154100x80000000000000005322Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:30:53.291{08CB57FB-C1BD-64AB-DD00-00000000FA02}3152C:\Windows\System32\rdpclip.exe10.0.14393.3503 (rs1_release.200131-0410)RDP Clipboard MonitorMicrosoft® Windows® Operating SystemMicrosoft Corporationrdpclip.exerdpclipC:\Windows\system32\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=D887E718FB0F4C99B9F01C5BD59F8B90,SHA256=ACFA1128B4EDD953F6364FA6216337A59C0522A01349263A11259A827838A56F,IMPHASH=5A464814303942D42A66B561CF697F26{08CB57FB-BF05-64AB-0F00-00000000FA02}884C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k termsvcsNT AUTHORITY\NETWORK SERVICE 154100x80000000000000005321Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:30:53.251{08CB57FB-C1BD-64AB-DC00-00000000FA02}3108C:\Windows\System32\TSTheme.exe10.0.14393.4169 (rs1_release.210107-1130)TSTheme Server ModuleMicrosoft® Windows® Operating SystemMicrosoft CorporationTSThemeS.exeC:\Windows\system32\TSTheme.exe -EmbeddingC:\Windows\system32\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=D5E6B1DA9AEE1CC85A50894A07700B98,SHA256=3A22AAA677B8B658386F6A22ECFB36795DC1BE55AED591FEAA05CA8D36973464,IMPHASH=851EBF0BAEED8A212E02B93229FDC674{08CB57FB-BF05-64AB-0C00-00000000FA02}680C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x80000000000000005337Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:30:55.421{08CB57FB-C1BF-64AB-EC00-00000000FA02}3680C:\Windows\SysWOW64\dllhost.exe10.0.14393.0 (rs1_release.160715-1616)COM SurrogateMicrosoft® Windows® Operating SystemMicrosoft Corporationdllhost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}C:\Windows\system32\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=6046950FC9CA5B7A7E084C189658DACB,SHA256=5137C324038AB2E8EAB4F98A20BEE9F121346D62E4D907CA1E4A860F4C54EAE8,IMPHASH=EC90A0D780E0DD23BA7910ABD6BF7E32{08CB57FB-BF05-64AB-0C00-00000000FA02}680C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 11241100x80000000000000005340Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:05.526{08CB57FB-C1C9-64AB-F000-00000000FA02}4232C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\__PSScriptPolicyTest_0135qp4v.0z5.ps12023-07-10 08:31:05.526AR-WIN-2\Administrator 154100x80000000000000005339Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:05.434{08CB57FB-C1C9-64AB-F000-00000000FA02}4232C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -NoLogo -WindowStyle hidden -ExecutionPolicy Unrestricted "Import-Module "C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psd1"; Set-Wallpaper"C:\Windows\system32\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{08CB57FB-C1C9-64AB-EE00-00000000FA02}4184C:\Windows\System32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunWallpaperSetup.cmd" "AR-WIN-2\Administrator 154100x80000000000000005338Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:05.359{08CB57FB-C1C9-64AB-EE00-00000000FA02}4184C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.ExeC:\Windows\system32\cmd.exe /c ""C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunWallpaperSetup.cmd" "C:\Windows\system32\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{08CB57FB-C1BD-64AB-E700-00000000FA02}3608C:\Windows\explorer.exeC:\Windows\Explorer.EXEAR-WIN-2\Administrator 154100x80000000000000005363Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:07.961{08CB57FB-C1CB-64AB-FA00-00000000FA02}5116C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\2\diiit5sb\diiit5sb.cmdline"C:\Windows\system32\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{08CB57FB-C1C9-64AB-F000-00000000FA02}4232C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -NoLogo -WindowStyle hidden -ExecutionPolicy Unrestricted "Import-Module "C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psd1"; Set-Wallpaper"AR-WIN-2\Administrator 11241100x80000000000000005362Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:07.948{08CB57FB-C1C9-64AB-F000-00000000FA02}4232C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\diiit5sb\diiit5sb.cmdline2023-07-10 08:31:07.948AR-WIN-2\Administrator 11241100x80000000000000005361Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localDLL2023-07-10 08:31:07.948{08CB57FB-C1C9-64AB-F000-00000000FA02}4232C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\diiit5sb\diiit5sb.dll2023-07-10 08:31:07.948AR-WIN-2\Administrator 11241100x80000000000000005360Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localDLL2023-07-10 08:31:07.666{08CB57FB-C1CB-64AB-F700-00000000FA02}5000C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeC:\Users\Administrator\AppData\Local\Temp\2\vaculbkh\vaculbkh.dll2023-07-10 08:31:07.588AR-WIN-2\Administrator 154100x80000000000000005359Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:07.658{08CB57FB-C1CB-64AB-F800-00000000FA02}5020C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\2\RESE29F.tmp" "c:\Users\Administrator\AppData\Local\Temp\2\vaculbkh\CSC2F1923AF4F9645D2BBEDB7A8E8141880.TMP"C:\Windows\system32\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{08CB57FB-C1CB-64AB-F700-00000000FA02}5000C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\2\vaculbkh\vaculbkh.cmdline"AR-WIN-2\Administrator 154100x80000000000000005358Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:07.603{08CB57FB-C1CB-64AB-F700-00000000FA02}5000C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\2\vaculbkh\vaculbkh.cmdline"C:\Windows\system32\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{08CB57FB-C1C9-64AB-F000-00000000FA02}4232C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -NoLogo -WindowStyle hidden -ExecutionPolicy Unrestricted "Import-Module "C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psd1"; Set-Wallpaper"AR-WIN-2\Administrator 11241100x80000000000000005357Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:07.588{08CB57FB-C1C9-64AB-F000-00000000FA02}4232C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\vaculbkh\vaculbkh.cmdline2023-07-10 08:31:07.588AR-WIN-2\Administrator 11241100x80000000000000005356Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localDLL2023-07-10 08:31:07.588{08CB57FB-C1C9-64AB-F000-00000000FA02}4232C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\vaculbkh\vaculbkh.dll2023-07-10 08:31:07.588AR-WIN-2\Administrator 11241100x80000000000000005355Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localDLL2023-07-10 08:31:07.573{08CB57FB-C1CB-64AB-F500-00000000FA02}4932C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeC:\Users\Administrator\AppData\Local\Temp\2\fcldiel0\fcldiel0.dll2023-07-10 08:31:07.495AR-WIN-2\Administrator 154100x80000000000000005354Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:07.570{08CB57FB-C1CB-64AB-F600-00000000FA02}4960C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\2\RESE241.tmp" "c:\Users\Administrator\AppData\Local\Temp\2\fcldiel0\CSC2481A39BA1CA40E193F133347EAFD35C.TMP"C:\Windows\system32\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{08CB57FB-C1CB-64AB-F500-00000000FA02}4932C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\2\fcldiel0\fcldiel0.cmdline"AR-WIN-2\Administrator 154100x80000000000000005353Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:07.509{08CB57FB-C1CB-64AB-F500-00000000FA02}4932C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\2\fcldiel0\fcldiel0.cmdline"C:\Windows\system32\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{08CB57FB-C1C9-64AB-F000-00000000FA02}4232C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -NoLogo -WindowStyle hidden -ExecutionPolicy Unrestricted "Import-Module "C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psd1"; Set-Wallpaper"AR-WIN-2\Administrator 11241100x80000000000000005352Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:07.495{08CB57FB-C1C9-64AB-F000-00000000FA02}4232C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\fcldiel0\fcldiel0.cmdline2023-07-10 08:31:07.495AR-WIN-2\Administrator 11241100x80000000000000005351Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localDLL2023-07-10 08:31:07.495{08CB57FB-C1C9-64AB-F000-00000000FA02}4232C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\fcldiel0\fcldiel0.dll2023-07-10 08:31:07.495AR-WIN-2\Administrator 11241100x80000000000000005350Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localDLL2023-07-10 08:31:07.479{08CB57FB-C1CB-64AB-F300-00000000FA02}4884C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeC:\Users\Administrator\AppData\Local\Temp\2\zl2mwzw1\zl2mwzw1.dll2023-07-10 08:31:07.417AR-WIN-2\Administrator 154100x80000000000000005349Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:07.476{08CB57FB-C1CB-64AB-F400-00000000FA02}4904C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\2\RESE1E3.tmp" "c:\Users\Administrator\AppData\Local\Temp\2\zl2mwzw1\CSCE79F6E4A3E4408AB5BF55DACA357.TMP"C:\Windows\system32\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{08CB57FB-C1CB-64AB-F300-00000000FA02}4884C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\2\zl2mwzw1\zl2mwzw1.cmdline"AR-WIN-2\Administrator 154100x80000000000000005348Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:07.419{08CB57FB-C1CB-64AB-F300-00000000FA02}4884C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\2\zl2mwzw1\zl2mwzw1.cmdline"C:\Windows\system32\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{08CB57FB-C1C9-64AB-F000-00000000FA02}4232C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -NoLogo -WindowStyle hidden -ExecutionPolicy Unrestricted "Import-Module "C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psd1"; Set-Wallpaper"AR-WIN-2\Administrator 11241100x80000000000000005347Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:07.417{08CB57FB-C1C9-64AB-F000-00000000FA02}4232C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\zl2mwzw1\zl2mwzw1.cmdline2023-07-10 08:31:07.417AR-WIN-2\Administrator 11241100x80000000000000005346Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localDLL2023-07-10 08:31:07.417{08CB57FB-C1C9-64AB-F000-00000000FA02}4232C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\zl2mwzw1\zl2mwzw1.dll2023-07-10 08:31:07.417AR-WIN-2\Administrator 11241100x80000000000000005345Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localDLL2023-07-10 08:31:07.385{08CB57FB-C1CB-64AB-F100-00000000FA02}4832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeC:\Users\Administrator\AppData\Local\Temp\2\ez0xt3p3\ez0xt3p3.dll2023-07-10 08:31:07.151AR-WIN-2\Administrator 154100x80000000000000005344Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:07.380{08CB57FB-C1CB-64AB-F200-00000000FA02}4856C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\2\RESE185.tmp" "c:\Users\Administrator\AppData\Local\Temp\2\ez0xt3p3\CSC94F5441E8A134DF98849E1DF74BDE54.TMP"C:\Windows\system32\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{08CB57FB-C1CB-64AB-F100-00000000FA02}4832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\2\ez0xt3p3\ez0xt3p3.cmdline"AR-WIN-2\Administrator 154100x80000000000000005343Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:07.172{08CB57FB-C1CB-64AB-F100-00000000FA02}4832C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\2\ez0xt3p3\ez0xt3p3.cmdline"C:\Windows\system32\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{08CB57FB-C1C9-64AB-F000-00000000FA02}4232C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -NonInteractive -NoLogo -WindowStyle hidden -ExecutionPolicy Unrestricted "Import-Module "C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psd1"; Set-Wallpaper"AR-WIN-2\Administrator 11241100x80000000000000005342Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:07.151{08CB57FB-C1C9-64AB-F000-00000000FA02}4232C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\ez0xt3p3\ez0xt3p3.cmdline2023-07-10 08:31:07.151AR-WIN-2\Administrator 11241100x80000000000000005341Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localDLL2023-07-10 08:31:07.151{08CB57FB-C1C9-64AB-F000-00000000FA02}4232C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\2\ez0xt3p3\ez0xt3p3.dll2023-07-10 08:31:07.151AR-WIN-2\Administrator 11241100x80000000000000005365Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localDLL2023-07-10 08:31:08.028{08CB57FB-C1CB-64AB-FA00-00000000FA02}5116C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeC:\Users\Administrator\AppData\Local\Temp\2\diiit5sb\diiit5sb.dll2023-07-10 08:31:07.948AR-WIN-2\Administrator 154100x80000000000000005364Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:08.025{08CB57FB-C1CC-64AB-FB00-00000000FA02}1592C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\2\RESE406.tmp" "c:\Users\Administrator\AppData\Local\Temp\2\diiit5sb\CSC98B50233815F4CDBAFDB7BB3561F6627.TMP"C:\Windows\system32\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{08CB57FB-C1CB-64AB-FA00-00000000FA02}5116C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\2\diiit5sb\diiit5sb.cmdline"AR-WIN-2\Administrator 354300x80000000000000005369Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:08.293{08CB57FB-C1C9-64AB-F000-00000000FA02}4232C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAR-WIN-2\Administratortcptruefalse10.0.1.15ar-win-2.attackrange.local49802-false169.254.169.254-80http 354300x80000000000000005368Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:08.289{08CB57FB-C1C9-64AB-F000-00000000FA02}4232C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAR-WIN-2\Administratortcptruefalse10.0.1.15ar-win-2.attackrange.local49801-false169.254.169.254-80http 354300x80000000000000005367Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:08.274{08CB57FB-C1C9-64AB-F000-00000000FA02}4232C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAR-WIN-2\Administratortcptruefalse10.0.1.15ar-win-2.attackrange.local49800-false169.254.169.254-80http 354300x80000000000000005366Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:08.249{08CB57FB-C1C9-64AB-F000-00000000FA02}4232C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAR-WIN-2\Administratortcptruefalse10.0.1.15ar-win-2.attackrange.local49799-false169.254.169.254-80http 354300x80000000000000005371Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:09.269{08CB57FB-C1C9-64AB-F000-00000000FA02}4232C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAR-WIN-2\Administratortcptruefalse10.0.1.15ar-win-2.attackrange.local49804-false169.254.169.254-80http 354300x80000000000000005370Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:09.266{08CB57FB-C1C9-64AB-F000-00000000FA02}4232C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAR-WIN-2\Administratortcptruefalse10.0.1.15ar-win-2.attackrange.local49803-false169.254.169.254-80http 154100x80000000000000005372Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:26.300{08CB57FB-C1DE-64AB-FC00-00000000FA02}4480C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005373Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:28.222{08CB57FB-C1E0-64AB-FD00-00000000FA02}4528C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005374Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:29.925{08CB57FB-C1E1-64AB-FE00-00000000FA02}4580C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005376Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:31.753{08CB57FB-C1E3-64AB-0001-00000000FA02}4672C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005375Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:31.003{08CB57FB-C1E3-64AB-FF00-00000000FA02}4636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 13241300x80000000000000005377Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2023-07-10 08:31:38.310{08CB57FB-C1BD-64AB-E700-00000000FA02}3608C:\Windows\Explorer.EXEHKU\S-1-5-21-3179303874-1983987604-3427696531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{23170F69-40C1-278A-1000-000100020000} {000214E4-0000-0000-C000-000000000046} 0xFFFFBinary DataAR-WIN-2\Administrator 154100x80000000000000005378Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:43.815{08CB57FB-C1EF-64AB-0201-00000000FA02}4888C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXEC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -EmbeddingC:\Windows\system32\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{08CB57FB-BF05-64AB-0C00-00000000FA02}680C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 154100x80000000000000004642Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:31:44.232{4E8F5BFB-C1F0-64AB-D400-00000000F902}3740C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 13241300x80000000000000005384Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2023-07-10 08:31:46.932{08CB57FB-C1BD-64AB-E700-00000000FA02}3608C:\Windows\Explorer.EXEHKU\S-1-5-21-3179303874-1983987604-3427696531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} {00000122-0000-0000-C000-000000000046} 0xFFFFBinary DataAR-WIN-2\Administrator 13241300x80000000000000005383Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2023-07-10 08:31:46.885{08CB57FB-C1BD-64AB-E700-00000000FA02}3608C:\Windows\Explorer.EXEHKU\S-1-5-21-3179303874-1983987604-3427696531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{ECF03A32-103D-11D2-854D-006008059367} {00000122-0000-0000-C000-000000000046} 0xFFFFBinary DataAR-WIN-2\Administrator 13241300x80000000000000005382Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2023-07-10 08:31:46.869{08CB57FB-C1BD-64AB-E700-00000000FA02}3608C:\Windows\Explorer.EXEHKU\S-1-5-21-3179303874-1983987604-3427696531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} {00000122-0000-0000-C000-000000000046} 0xFFFFBinary DataAR-WIN-2\Administrator 13241300x80000000000000005381Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2023-07-10 08:31:46.854{08CB57FB-C1BD-64AB-E700-00000000FA02}3608C:\Windows\Explorer.EXEHKU\S-1-5-21-3179303874-1983987604-3427696531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} {00000122-0000-0000-C000-000000000046} 0xFFFFBinary DataAR-WIN-2\Administrator 13241300x80000000000000005380Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2023-07-10 08:31:46.791{08CB57FB-C1BD-64AB-E700-00000000FA02}3608C:\Windows\Explorer.EXEHKU\S-1-5-21-3179303874-1983987604-3427696531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} {A08CE4D0-FA25-44AB-B57C-C7B1C323E0B9} 0xFFFFBinary DataAR-WIN-2\Administrator 13241300x80000000000000005379Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2023-07-10 08:31:46.775{08CB57FB-C1BD-64AB-E700-00000000FA02}3608C:\Windows\Explorer.EXEHKU\S-1-5-21-3179303874-1983987604-3427696531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{99D353BC-C813-41EC-8F28-EAE61E702E57} {A08CE4D0-FA25-44AB-B57C-C7B1C323E0B9} 0xFFFFBinary DataAR-WIN-2\Administrator 154100x80000000000000004643Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:31:46.091{4E8F5BFB-C1F2-64AB-D500-00000000F902}3512C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 13241300x80000000000000005385Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-SetValue2023-07-10 08:31:47.994{08CB57FB-C1BD-64AB-E700-00000000FA02}3608C:\Windows\Explorer.EXEHKU\S-1-5-21-3179303874-1983987604-3427696531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{939D20AC-8036-406F-BD5C-BF672896BD71} {A08CE4D0-FA25-44AB-B57C-C7B1C323E0B9} 0xFFFFBinary DataAR-WIN-2\Administrator 154100x80000000000000004644Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:31:47.342{4E8F5BFB-C1F3-64AB-D600-00000000F902}3456C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004645Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:31:48.092{4E8F5BFB-C1F4-64AB-D700-00000000F902}2528C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004646Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:31:49.436{4E8F5BFB-C1F5-64AB-D800-00000000F902}2752C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 13241300x80000000000000005388Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1158SetValue2023-07-10 08:31:49.244{08CB57FB-C1BD-64AB-E700-00000000FA02}3608C:\Windows\Explorer.EXEHKU\S-1-5-21-3179303874-1983987604-3427696531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHiddenDWORD (0x00000000)AR-WIN-2\Administrator 13241300x80000000000000005387Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1158SetValue2023-07-10 08:31:49.244{08CB57FB-C1BD-64AB-E700-00000000FA02}3608C:\Windows\Explorer.EXEHKU\S-1-5-21-3179303874-1983987604-3427696531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExtDWORD (0x00000000)AR-WIN-2\Administrator 13241300x80000000000000005386Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1158SetValue2023-07-10 08:31:49.244{08CB57FB-C1BD-64AB-E700-00000000FA02}3608C:\Windows\Explorer.EXEHKU\S-1-5-21-3179303874-1983987604-3427696531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HiddenDWORD (0x00000002)AR-WIN-2\Administrator 154100x80000000000000005389Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:31:51.766{08CB57FB-C1F7-64AB-0301-00000000FA02}904C:\Program Files\Notepad++\notepad++.exe8.54Notepad++Notepad++Don HO don.h@free.frnotepad++.exe"C:\Program Files\Notepad++\notepad++.exe" "C:\Program Files\ansible\SwiftOnSecurity.xml" C:\Windows\system32\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=512F4350AEE7EB50ADF509008A3AD3CE,SHA256=64F7A36C01E79CD4B041E8A8607DFF06D5B606D36E3DFF9CFB5FFFA22D14D34C,IMPHASH=D57AA5C8A1734678F115D14E4B50AFD6{08CB57FB-C1BD-64AB-E700-00000000FA02}3608C:\Windows\explorer.exeC:\Windows\Explorer.EXEAR-WIN-2\Administrator 154100x80000000000000005390Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:32:26.290{08CB57FB-C21A-64AB-0401-00000000FA02}4324C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005391Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:32:28.212{08CB57FB-C21C-64AB-0501-00000000FA02}4300C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005392Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:32:29.930{08CB57FB-C21D-64AB-0601-00000000FA02}4340C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005393Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:32:30.992{08CB57FB-C21E-64AB-0701-00000000FA02}4344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005394Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:32:31.742{08CB57FB-C21F-64AB-0801-00000000FA02}3348C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005395Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:32:43.230{08CB57FB-C22B-64AB-0901-00000000FA02}3604C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"cmd.exe" /s /k pushd "C:\Program Files\ansible\sysmon"C:\Windows\system32\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{08CB57FB-C1BD-64AB-E700-00000000FA02}3608C:\Windows\explorer.exeC:\Windows\Explorer.EXEAR-WIN-2\Administrator 154100x80000000000000004647Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:32:44.269{4E8F5BFB-C22C-64AB-D900-00000000F902}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004648Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:32:46.129{4E8F5BFB-C22E-64AB-DA00-00000000F902}3876C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004649Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:32:47.348{4E8F5BFB-C22F-64AB-DB00-00000000F902}3772C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004650Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:32:48.114{4E8F5BFB-C230-64AB-DC00-00000000F902}2596C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004651Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:32:49.458{4E8F5BFB-C231-64AB-DD00-00000000F902}3784C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 16341600x80000000000000005397Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local2023-07-10 08:32:54.417C:\Program Files\ansible\SwiftOnSecurity.xmlSHA256=0117DF9F7619B33982754AEDFBD4A3498F9F73B7098C3697920B8D795334B2E5 154100x80000000000000005396Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:32:54.308{08CB57FB-C236-64AB-0C01-00000000FA02}4496C:\Program Files\ansible\sysmon\Sysmon64.exe15.0System activity monitorSysinternals SysmonSysinternals - www.sysinternals.com-Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"C:\Program Files\ansible\sysmon\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=B3B026CF8AA746DCE90C6D119397BC52,SHA256=5485CA7E2BE4AFC76AADD97536192CF2850228FE338083D6BAB4C981BD6DDF92,IMPHASH=354037478FC7C4B710213AA1C7DF31A4{08CB57FB-C22B-64AB-0901-00000000FA02}3604C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Program Files\ansible\sysmon"AR-WIN-2\Administrator 154100x80000000000000005398Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:33:26.293{08CB57FB-C256-64AB-0D01-00000000FA02}4700C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005399Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:33:28.215{08CB57FB-C258-64AB-0E01-00000000FA02}4724C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005400Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:33:29.934{08CB57FB-C259-64AB-0F01-00000000FA02}4784C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005402Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:33:31.778{08CB57FB-C25B-64AB-1101-00000000FA02}4928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005401Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:33:31.012{08CB57FB-C25B-64AB-1001-00000000FA02}4920C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004652Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:33:44.292{4E8F5BFB-C268-64AB-DE00-00000000F902}2400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004653Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:33:46.168{4E8F5BFB-C26A-64AB-DF00-00000000F902}992C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004654Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:33:47.371{4E8F5BFB-C26B-64AB-E000-00000000F902}2408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004655Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:33:48.137{4E8F5BFB-C26C-64AB-E100-00000000F902}1208C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004656Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:33:49.497{4E8F5BFB-C26D-64AB-E200-00000000F902}2676C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005403Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:34:26.310{08CB57FB-C292-64AB-1201-00000000FA02}3392C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005404Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:34:28.217{08CB57FB-C294-64AB-1301-00000000FA02}3856C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005405Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:34:29.951{08CB57FB-C295-64AB-1401-00000000FA02}4812C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 22542200x80000000000000004658Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:34:27.665{4E8F5BFB-BF03-64AB-0B00-00000000F902}592ar-win-dc.attackrange.local010.0.1.14;C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEM 22542200x80000000000000004657Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:34:27.665{4E8F5BFB-BF03-64AB-0B00-00000000F902}592ar-win-dc.attackrange.local0fe80::c883:140:1774:f352;C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEM 154100x80000000000000005407Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:34:31.763{08CB57FB-C297-64AB-1601-00000000FA02}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005406Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:34:31.014{08CB57FB-C297-64AB-1501-00000000FA02}4336C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004659Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:34:44.323{4E8F5BFB-C2A4-64AB-E300-00000000F902}3768C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004660Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:34:46.183{4E8F5BFB-C2A6-64AB-E400-00000000F902}3696C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004661Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:34:47.386{4E8F5BFB-C2A7-64AB-E500-00000000F902}2412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004662Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:34:48.152{4E8F5BFB-C2A8-64AB-E600-00000000F902}2400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004663Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:34:49.512{4E8F5BFB-C2A9-64AB-E700-00000000F902}3972C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005408Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:35:26.330{08CB57FB-C2CE-64AB-1701-00000000FA02}5104C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005409Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:35:28.220{08CB57FB-C2D0-64AB-1801-00000000FA02}4424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005410Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:35:29.955{08CB57FB-C2D1-64AB-1901-00000000FA02}3772C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005412Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:35:31.783{08CB57FB-C2D3-64AB-1B01-00000000FA02}4480C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005411Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:35:31.033{08CB57FB-C2D3-64AB-1A01-00000000FA02}3964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004664Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:35:44.339{4E8F5BFB-C2E0-64AB-E800-00000000F902}1008C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004665Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:35:46.199{4E8F5BFB-C2E2-64AB-E900-00000000F902}2096C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004666Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:35:47.339{4E8F5BFB-C2E3-64AB-EA00-00000000F902}572C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004667Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:35:48.104{4E8F5BFB-C2E4-64AB-EB00-00000000F902}4012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000004668Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 08:35:49.541{4E8F5BFB-C2E5-64AB-EC00-00000000F902}1700C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005413Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:35:54.097{08CB57FB-C2EA-64AB-1D01-00000000FA02}4580C:\Windows\System32\InstallAgent.exe10.0.14393.5127 (rs1_release_inmarket.220514-1756)InstallAgentMicrosoft® Windows® Operating SystemMicrosoft CorporationInstallAgent.exeC:\Windows\System32\InstallAgent.exe -EmbeddingC:\Windows\system32\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=FAED69010377AF73D19BF070833DA674,SHA256=094990F2727BAAFC51D74571EA32C18CEFCFB6C66B80EB91F3952C007CE9FC31,IMPHASH=EAB6EF3DE625719627DC808B5F0501FC{08CB57FB-BF05-64AB-0C00-00000000FA02}680C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunchNT AUTHORITY\SYSTEM 13241300x80000000000000005414Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1042SetValue2023-07-10 08:35:55.295{08CB57FB-C1BD-64AB-E700-00000000FA02}3608C:\Windows\Explorer.EXEHKU\S-1-5-21-3179303874-1983987604-3427696531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids\exefileBinary DataAR-WIN-2\Administrator 13241300x80000000000000005417Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1060,RunKeySetValue2023-07-10 08:36:15.874{08CB57FB-C2FF-64AB-2001-00000000FA02}4928C:\Windows\system32\reg.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLinkedConnectionsDWORD (0x00000001)AR-WIN-2\Administrator 154100x80000000000000005416Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:36:15.871{08CB57FB-C2FF-64AB-2001-00000000FA02}4928C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exereg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLinkedConnections /t REG_DWORD /d 1 /fC:\Program Files\ansible\sysmon\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{08CB57FB-C2FF-64AB-1F01-00000000FA02}1816C:\Windows\System32\cmd.execmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLinkedConnections /t REG_DWORD /d 1 /fAR-WIN-2\Administrator 154100x80000000000000005415Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:36:15.864{08CB57FB-C2FF-64AB-1F01-00000000FA02}1816C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Execmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLinkedConnections /t REG_DWORD /d 1 /fC:\Program Files\ansible\sysmon\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{08CB57FB-C22B-64AB-0901-00000000FA02}3604C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Program Files\ansible\sysmon"AR-WIN-2\Administrator 154100x80000000000000005418Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:36:26.329{08CB57FB-C30A-64AB-2101-00000000FA02}828C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005419Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:36:28.220{08CB57FB-C30C-64AB-2201-00000000FA02}5020C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005420Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:36:29.954{08CB57FB-C30D-64AB-2301-00000000FA02}1284C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005422Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:36:31.814{08CB57FB-C30F-64AB-2501-00000000FA02}3248C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005421Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 08:36:31.048{08CB57FB-C30F-64AB-2401-00000000FA02}3336C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM