154100x80000000000000005583Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:09:26.904{08CB57FB-CAC6-64AB-C901-00000000FA02}4172C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005584Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:09:28.702{08CB57FB-CAC8-64AB-CA01-00000000FA02}192C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005585Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:09:30.421{08CB57FB-CACA-64AB-CB01-00000000FA02}820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005586Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:09:31.327{08CB57FB-CACB-64AB-CC01-00000000FA02}868C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005587Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:09:32.077{08CB57FB-CACC-64AB-CD01-00000000FA02}4932C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006641Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:09:44.737{4E8F5BFB-CAD8-64AB-9B01-00000000F902}2940C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006642Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:09:46.035{4E8F5BFB-CADA-64AB-9C01-00000000F902}3908C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006644Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:09:47.940{4E8F5BFB-CADB-64AB-9E01-00000000F902}1008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006643Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:09:47.175{4E8F5BFB-CADB-64AB-9D01-00000000F902}2796C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006645Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:09:49.613{4E8F5BFB-CADD-64AB-9F01-00000000F902}1260C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005588Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:10:26.918{08CB57FB-CB02-64AB-CE01-00000000FA02}908C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005589Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:10:28.716{08CB57FB-CB04-64AB-CF01-00000000FA02}1752C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005590Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:10:30.450{08CB57FB-CB06-64AB-D001-00000000FA02}2516C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005591Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:10:31.341{08CB57FB-CB07-64AB-D101-00000000FA02}3708C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005592Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:10:32.091{08CB57FB-CB08-64AB-D201-00000000FA02}2940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006646Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:10:44.736{4E8F5BFB-CB14-64AB-A001-00000000F902}3344C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006647Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:10:46.048{4E8F5BFB-CB16-64AB-A101-00000000F902}548C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006649Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:10:47.954{4E8F5BFB-CB17-64AB-A301-00000000F902}1068C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006648Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:10:47.189{4E8F5BFB-CB17-64AB-A201-00000000F902}2916C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006650Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:10:49.610{4E8F5BFB-CB19-64AB-A401-00000000F902}1596C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005593Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:11:26.921{08CB57FB-CB3E-64AB-D301-00000000FA02}4824C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005594Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:11:28.733{08CB57FB-CB40-64AB-D401-00000000FA02}4296C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005595Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:11:30.468{08CB57FB-CB42-64AB-D501-00000000FA02}4256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005596Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:11:31.344{08CB57FB-CB43-64AB-D601-00000000FA02}4312C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005597Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:11:32.093{08CB57FB-CB44-64AB-D701-00000000FA02}4704C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006651Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:11:44.736{4E8F5BFB-CB50-64AB-A501-00000000F902}3420C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006652Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:11:46.064{4E8F5BFB-CB52-64AB-A601-00000000F902}1156C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006654Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:11:47.939{4E8F5BFB-CB53-64AB-A801-00000000F902}2372C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006653Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:11:47.189{4E8F5BFB-CB53-64AB-A701-00000000F902}3336C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006655Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:11:49.626{4E8F5BFB-CB55-64AB-A901-00000000F902}3868C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005598Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:12:26.936{08CB57FB-CB7A-64AB-D801-00000000FA02}4372C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005599Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:12:28.764{08CB57FB-CB7C-64AB-D901-00000000FA02}1984C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005600Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:12:30.374{08CB57FB-CB7E-64AB-DA01-00000000FA02}3632C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005601Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:12:31.359{08CB57FB-CB7F-64AB-DB01-00000000FA02}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005602Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:12:32.109{08CB57FB-CB80-64AB-DC01-00000000FA02}4108C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006656Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:12:44.736{4E8F5BFB-CB8C-64AB-AA01-00000000F902}1436C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006657Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:12:45.940{4E8F5BFB-CB8D-64AB-AB01-00000000F902}1608C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006659Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:12:47.846{4E8F5BFB-CB8F-64AB-AD01-00000000F902}1824C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006658Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:12:47.096{4E8F5BFB-CB8F-64AB-AC01-00000000F902}948C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006660Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:12:49.642{4E8F5BFB-CB91-64AB-AE01-00000000F902}3928C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005603Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:13:26.945{08CB57FB-CBB6-64AB-DD01-00000000FA02}4788C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005604Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:13:28.789{08CB57FB-CBB8-64AB-DE01-00000000FA02}4776C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005605Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:13:30.383{08CB57FB-CBBA-64AB-DF01-00000000FA02}5012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005606Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:13:31.368{08CB57FB-CBBB-64AB-E001-00000000FA02}4620C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005607Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:13:32.133{08CB57FB-CBBC-64AB-E101-00000000FA02}4028C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006661Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:13:44.736{4E8F5BFB-CBC8-64AB-AF01-00000000F902}3840C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006662Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:13:45.939{4E8F5BFB-CBC9-64AB-B001-00000000F902}3100C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006664Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:13:47.830{4E8F5BFB-CBCB-64AB-B201-00000000F902}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006663Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:13:47.080{4E8F5BFB-CBCB-64AB-B101-00000000F902}2696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006665Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:13:49.626{4E8F5BFB-CBCD-64AB-B301-00000000F902}3704C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005608Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:14:26.964{08CB57FB-CBF2-64AB-E201-00000000FA02}2772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005609Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:14:28.792{08CB57FB-CBF4-64AB-E301-00000000FA02}2640C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005610Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:14:30.230{08CB57FB-CBF6-64AB-E401-00000000FA02}1456C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005611Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:14:31.371{08CB57FB-CBF7-64AB-E501-00000000FA02}1096C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005612Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:14:32.121{08CB57FB-CBF8-64AB-E601-00000000FA02}2724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006666Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:14:44.744{4E8F5BFB-CC04-64AB-B401-00000000F902}948C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006667Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:14:45.962{4E8F5BFB-CC05-64AB-B501-00000000F902}2016C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006669Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:14:47.854{4E8F5BFB-CC07-64AB-B701-00000000F902}3800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006668Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:14:47.087{4E8F5BFB-CC07-64AB-B601-00000000F902}1692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006670Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:14:49.634{4E8F5BFB-CC09-64AB-B801-00000000F902}320C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005613Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:15:26.984{08CB57FB-CC2E-64AB-E701-00000000FA02}4148C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005614Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:15:28.813{08CB57FB-CC30-64AB-E801-00000000FA02}3816C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005615Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:15:30.250{08CB57FB-CC32-64AB-E901-00000000FA02}4240C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005616Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:15:31.391{08CB57FB-CC33-64AB-EA01-00000000FA02}4280C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005617Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:15:32.141{08CB57FB-CC34-64AB-EB01-00000000FA02}4296C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006671Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:15:44.741{4E8F5BFB-CC40-64AB-B901-00000000F902}3724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006672Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:15:45.960{4E8F5BFB-CC41-64AB-BA01-00000000F902}3704C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006674Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:15:47.851{4E8F5BFB-CC43-64AB-BC01-00000000F902}2080C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006673Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:15:47.085{4E8F5BFB-CC43-64AB-BB01-00000000F902}3984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006675Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:15:49.632{4E8F5BFB-CC45-64AB-BD01-00000000F902}2316C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005618Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:16:27.001{08CB57FB-CC6B-64AB-EC01-00000000FA02}3892C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005619Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:16:28.830{08CB57FB-CC6C-64AB-ED01-00000000FA02}2820C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005620Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:16:30.127{08CB57FB-CC6E-64AB-EE01-00000000FA02}4740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005621Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:16:31.268{08CB57FB-CC6F-64AB-EF01-00000000FA02}5060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005622Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:16:32.017{08CB57FB-CC70-64AB-F001-00000000FA02}3328C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006676Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:16:44.743{4E8F5BFB-CC7C-64AB-BE01-00000000F902}2196C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006677Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:16:45.951{4E8F5BFB-CC7D-64AB-BF01-00000000F902}2976C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006679Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:16:47.852{4E8F5BFB-CC7F-64AB-C101-00000000F902}820C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006678Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:16:47.087{4E8F5BFB-CC7F-64AB-C001-00000000F902}1256C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006680Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:16:49.649{4E8F5BFB-CC81-64AB-C201-00000000F902}3528C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005623Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:17:27.036{08CB57FB-CCA7-64AB-F101-00000000FA02}4120C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005624Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:17:28.864{08CB57FB-CCA8-64AB-F201-00000000FA02}4576C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005625Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:17:30.162{08CB57FB-CCAA-64AB-F301-00000000FA02}4624C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005626Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:17:31.287{08CB57FB-CCAB-64AB-F401-00000000FA02}464C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005627Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:17:32.037{08CB57FB-CCAC-64AB-F501-00000000FA02}4040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006681Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:17:44.746{4E8F5BFB-CCB8-64AB-C301-00000000F902}2416C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006682Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:17:45.949{4E8F5BFB-CCB9-64AB-C401-00000000F902}3424C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006684Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:17:47.824{4E8F5BFB-CCBB-64AB-C601-00000000F902}2636C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006683Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:17:47.074{4E8F5BFB-CCBB-64AB-C501-00000000F902}3492C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006685Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:17:49.652{4E8F5BFB-CCBD-64AB-C701-00000000F902}264C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005628Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:18:27.035{08CB57FB-CCE3-64AB-F601-00000000FA02}3900C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005629Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:18:28.865{08CB57FB-CCE4-64AB-F701-00000000FA02}1792C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005630Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:18:30.162{08CB57FB-CCE6-64AB-F801-00000000FA02}1900C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005631Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:18:31.287{08CB57FB-CCE7-64AB-F901-00000000FA02}1528C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005632Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:18:32.053{08CB57FB-CCE8-64AB-FA01-00000000FA02}1512C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006686Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:18:44.746{4E8F5BFB-CCF4-64AB-C801-00000000F902}1112C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006687Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:18:45.949{4E8F5BFB-CCF5-64AB-C901-00000000F902}1572C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006689Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:18:47.840{4E8F5BFB-CCF7-64AB-CB01-00000000F902}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006688Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:18:47.074{4E8F5BFB-CCF7-64AB-CA01-00000000F902}3920C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006690Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:18:49.668{4E8F5BFB-CCF9-64AB-CC01-00000000F902}456C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005633Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:19:27.056{08CB57FB-CD1F-64AB-FB01-00000000FA02}3280C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005634Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:19:28.885{08CB57FB-CD20-64AB-FC01-00000000FA02}4332C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005635Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:19:30.182{08CB57FB-CD22-64AB-FD01-00000000FA02}3680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005636Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:19:31.307{08CB57FB-CD23-64AB-FE01-00000000FA02}3628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005637Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:19:32.073{08CB57FB-CD24-64AB-FF01-00000000FA02}4304C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006691Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:19:44.738{4E8F5BFB-CD30-64AB-CD01-00000000F902}1740C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006692Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:19:45.941{4E8F5BFB-CD31-64AB-CE01-00000000F902}796C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006694Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:19:47.832{4E8F5BFB-CD33-64AB-D001-00000000F902}3904C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006693Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:19:47.066{4E8F5BFB-CD33-64AB-CF01-00000000F902}1660C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 354300x80000000000000005638Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localRDP2023-07-10 09:19:45.786{08CB57FB-BF05-64AB-0F00-00000000FA02}884C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse205.210.31.22-54324-false10.0.1.15ar-win-2.attackrange.local3389ms-wbt-server 154100x80000000000000006695Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:19:49.660{4E8F5BFB-CD35-64AB-D101-00000000F902}1692C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005639Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:20:27.053{08CB57FB-CD5B-64AB-0002-00000000FA02}3884C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005640Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:20:28.881{08CB57FB-CD5C-64AB-0102-00000000FA02}4188C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005641Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:20:30.194{08CB57FB-CD5E-64AB-0202-00000000FA02}4368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005642Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:20:31.320{08CB57FB-CD5F-64AB-0302-00000000FA02}4016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005643Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:20:32.069{08CB57FB-CD60-64AB-0402-00000000FA02}4396C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006696Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:20:44.746{4E8F5BFB-CD6C-64AB-D201-00000000F902}4080C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006697Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:20:45.949{4E8F5BFB-CD6D-64AB-D301-00000000F902}3416C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006699Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:20:47.824{4E8F5BFB-CD6F-64AB-D501-00000000F902}1552C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006698Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:20:47.074{4E8F5BFB-CD6F-64AB-D401-00000000F902}3732C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006700Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:20:49.667{4E8F5BFB-CD71-64AB-D601-00000000F902}660C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 16341600x80000000000000005645Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local2023-07-10 09:21:05.515C:\Program Files\ansible\SwiftOnSecurity.xmlSHA256=E5C0BE1E8A4CB44D2846F69021428142F6A084948B99E4726822E0946F121E98 154100x80000000000000005644Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:21:05.423{08CB57FB-CD81-64AB-0502-00000000FA02}2612C:\Program Files\ansible\sysmon\Sysmon64.exe15.0System activity monitorSysinternals SysmonSysinternals - www.sysinternals.com-Sysmon64.exe -c "C:\Program Files\ansible\SwiftOnSecurity.xml"C:\Program Files\ansible\sysmon\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=B3B026CF8AA746DCE90C6D119397BC52,SHA256=5485CA7E2BE4AFC76AADD97536192CF2850228FE338083D6BAB4C981BD6DDF92,IMPHASH=354037478FC7C4B710213AA1C7DF31A4{08CB57FB-C22B-64AB-0901-00000000FA02}3604C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Program Files\ansible\sysmon"AR-WIN-2\Administrator 154100x80000000000000005646Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:21:27.067{08CB57FB-CD97-64AB-0602-00000000FA02}4744C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005647Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:21:28.896{08CB57FB-CD98-64AB-0702-00000000FA02}4836C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005648Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:21:30.223{08CB57FB-CD9A-64AB-0802-00000000FA02}520C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005649Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:21:31.333{08CB57FB-CD9B-64AB-0902-00000000FA02}5012C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005650Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:21:32.083{08CB57FB-CD9C-64AB-0A02-00000000FA02}4688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005652Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:21:35.029{08CB57FB-CD9F-64AB-0C02-00000000FA02}4872C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exereg add HKLM\\SYSTEM\\CurrentControlSet\\Control\\FileSystem /v LongPathsEnabled /t REG_DWORD /d 1 /fC:\Program Files\ansible\sysmon\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{08CB57FB-CD9F-64AB-0B02-00000000FA02}4028C:\Windows\System32\cmd.execmd /c reg add HKLM\\SYSTEM\\CurrentControlSet\\Control\\FileSystem /v LongPathsEnabled /t REG_DWORD /d 1 /fAR-WIN-2\Administrator 154100x80000000000000005651Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:21:35.018{08CB57FB-CD9F-64AB-0B02-00000000FA02}4028C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Execmd /c reg add HKLM\\SYSTEM\\CurrentControlSet\\Control\\FileSystem /v LongPathsEnabled /t REG_DWORD /d 1 /fC:\Program Files\ansible\sysmon\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{08CB57FB-C22B-64AB-0901-00000000FA02}3604C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Program Files\ansible\sysmon"AR-WIN-2\Administrator 154100x80000000000000006701Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:21:44.753{4E8F5BFB-CDA8-64AB-D701-00000000F902}3104C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006702Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:21:45.940{4E8F5BFB-CDA9-64AB-D801-00000000F902}2964C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006704Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:21:47.815{4E8F5BFB-CDAB-64AB-DA01-00000000F902}2760C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006703Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:21:47.065{4E8F5BFB-CDAB-64AB-D901-00000000F902}3672C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006705Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:21:49.659{4E8F5BFB-CDAD-64AB-DB01-00000000F902}820C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005654Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:21:55.785{08CB57FB-CDB3-64AB-0E02-00000000FA02}2824C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exereg add HKLM\\YSTEM\CurrentControlSet\Control\FileSystem /v LongPathsEnabled /t REG_DWORD /d 1 /fC:\Program Files\ansible\sysmon\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{08CB57FB-CDB3-64AB-0D02-00000000FA02}4932C:\Windows\System32\cmd.execmd /c reg add HKLM\\YSTEM\CurrentControlSet\Control\FileSystem /v LongPathsEnabled /t REG_DWORD /d 1 /fAR-WIN-2\Administrator 154100x80000000000000005653Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:21:55.779{08CB57FB-CDB3-64AB-0D02-00000000FA02}4932C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Execmd /c reg add HKLM\\YSTEM\CurrentControlSet\Control\FileSystem /v LongPathsEnabled /t REG_DWORD /d 1 /fC:\Program Files\ansible\sysmon\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{08CB57FB-C22B-64AB-0901-00000000FA02}3604C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Program Files\ansible\sysmon"AR-WIN-2\Administrator 154100x80000000000000005656Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:22:08.790{08CB57FB-CDC0-64AB-1002-00000000FA02}1896C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exereg add HKLM\YSTEM\CurrentControlSet\Control\FileSystem /v LongPathsEnabled /t REG_DWORD /d 1 /fC:\Program Files\ansible\sysmon\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{08CB57FB-CDC0-64AB-0F02-00000000FA02}1004C:\Windows\System32\cmd.execmd /c reg add HKLM\YSTEM\CurrentControlSet\Control\FileSystem /v LongPathsEnabled /t REG_DWORD /d 1 /fAR-WIN-2\Administrator 154100x80000000000000005655Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:22:08.772{08CB57FB-CDC0-64AB-0F02-00000000FA02}1004C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Execmd /c reg add HKLM\YSTEM\CurrentControlSet\Control\FileSystem /v LongPathsEnabled /t REG_DWORD /d 1 /fC:\Program Files\ansible\sysmon\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{08CB57FB-C22B-64AB-0901-00000000FA02}3604C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Program Files\ansible\sysmon"AR-WIN-2\Administrator 154100x80000000000000005657Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:22:27.083{08CB57FB-CDD3-64AB-1102-00000000FA02}1776C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005658Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:22:28.911{08CB57FB-CDD4-64AB-1202-00000000FA02}1932C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005659Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:22:30.255{08CB57FB-CDD6-64AB-1302-00000000FA02}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005660Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:22:31.365{08CB57FB-CDD7-64AB-1402-00000000FA02}2780C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005661Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:22:32.130{08CB57FB-CDD8-64AB-1502-00000000FA02}2608C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 13241300x80000000000000005664Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.localT1060,RunKeySetValue2023-07-10 09:22:43.350{08CB57FB-CDE3-64AB-1702-00000000FA02}3160C:\Windows\system32\reg.exeHKLM\System\CurrentControlSet\Control\FileSystem\LongPathsEnabledDWORD (0x00000001)AR-WIN-2\Administrator 154100x80000000000000005663Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:22:43.346{08CB57FB-CDE3-64AB-1702-00000000FA02}3160C:\Windows\System32\reg.exe10.0.14393.0 (rs1_release.160715-1616)Registry Console ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationreg.exereg add HKLM\SYSTEM\CurrentControlSet\Control\FileSystem /v LongPathsEnabled /t REG_DWORD /d 1 /fC:\Program Files\ansible\sysmon\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=59A22FA6CF85026BB6BC69A1ADD75C50,SHA256=9E28034CE3AEEA6951F790F8997DF44CFBF80BEFF9FB17413DBA317016A716AD,IMPHASH=EE7EB7FA7D163340753B7223ADA14352{08CB57FB-CDE3-64AB-1602-00000000FA02}3184C:\Windows\System32\cmd.execmd /c reg add HKLM\SYSTEM\CurrentControlSet\Control\FileSystem /v LongPathsEnabled /t REG_DWORD /d 1 /fAR-WIN-2\Administrator 154100x80000000000000005662Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:22:43.339{08CB57FB-CDE3-64AB-1602-00000000FA02}3184C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Execmd /c reg add HKLM\SYSTEM\CurrentControlSet\Control\FileSystem /v LongPathsEnabled /t REG_DWORD /d 1 /fC:\Program Files\ansible\sysmon\AR-WIN-2\Administrator{08CB57FB-C1BC-64AB-DD9C-070000000000}0x79cdd2HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{08CB57FB-C22B-64AB-0901-00000000FA02}3604C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Program Files\ansible\sysmon"AR-WIN-2\Administrator 154100x80000000000000006706Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:22:44.762{4E8F5BFB-CDE4-64AB-DC01-00000000F902}2292C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006707Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:22:45.841{4E8F5BFB-CDE5-64AB-DD01-00000000F902}2172C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006708Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:22:46.981{4E8F5BFB-CDE6-64AB-DE01-00000000F902}4060C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006709Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:22:47.747{4E8F5BFB-CDE7-64AB-DF01-00000000F902}1440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006710Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:22:49.668{4E8F5BFB-CDE9-64AB-E001-00000000F902}1548C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005665Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:23:27.098{08CB57FB-CE0F-64AB-1802-00000000FA02}3620C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005666Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:23:28.911{08CB57FB-CE10-64AB-1902-00000000FA02}3212C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005667Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:23:30.115{08CB57FB-CE12-64AB-1A02-00000000FA02}4716C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005668Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:23:31.256{08CB57FB-CE13-64AB-1B02-00000000FA02}1084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000005669Microsoft-Windows-Sysmon/Operationalar-win-2.attackrange.local-2023-07-10 09:23:32.005{08CB57FB-CE14-64AB-1C02-00000000FA02}4704C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{08CB57FB-BF04-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{08CB57FB-BF05-64AB-1D00-00000000FA02}1220C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006711Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:23:44.771{4E8F5BFB-CE20-64AB-E101-00000000F902}3880C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=A434E761D405DDC4EC4411D69D80BAAB,SHA256=DC09085E78020D3044660ED762A8FDBEA00FD859B4EADBE92F8725A9A654F294,IMPHASH=F63F438A21D8EB823E551166D2E72BD6{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006712Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:23:45.865{4E8F5BFB-CE21-64AB-E201-00000000F902}3612C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe9.0.5Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=513972A5A10DC2984285F0B15171C10E,SHA256=B025CC16487F6B5B1D63E7080172856F56A669764AF01CCE8C06B4CFDECCD682,IMPHASH=E99D29902E9E9D71E38EE092E4F626C7{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006713Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:23:46.881{4E8F5BFB-CE22-64AB-E301-00000000F902}3692C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006714Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:23:47.631{4E8F5BFB-CE23-64AB-E401-00000000F902}3336C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=5D35E9914422D9C706AFE92A26C18BA4,SHA256=A6A74EBF5C9B5AEBFE110416C8E96078AFBCC4582B3F200DABB7353946A5A7F6,IMPHASH=6A5601498E7E7959885DB6B8832ECC0A{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM 154100x80000000000000006715Microsoft-Windows-Sysmon/Operationalar-win-dc.attackrange.local-2023-07-10 09:23:49.694{4E8F5BFB-CE25-64AB-E501-00000000F902}1792C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe9.0.5Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{4E8F5BFB-BF03-64AB-E703-000000000000}0x3e70SystemMD5=056A3A318008FF93D6951CA5561B052F,SHA256=9FCD6D853054A359FDAB4CE80E110DEF60EA62DBE7EA90DCBA0FC0F778D0C4E7,IMPHASH=9374AAB4494C2195A38F44F0D36C8B58{4E8F5BFB-BF16-64AB-2700-00000000F902}2328C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" serviceNT AUTHORITY\SYSTEM